APPROXIMATIONS OF STOCHASTIC HYBRID SYSTEMS: A COMPOSITIONAL APPROACH

MAJID ZAMANI, MATTHIAS RUNGGER, AND PEYMAN MOHAJERIN ESFAHANI


Abstract. In this paper we propose a compositional framework for the construction of approximations of 
the interconnection of a class of stochastic hybrid systems. As special cases, this class of systems includes 
both jump linear stochastic systems and linear stochastic hybrid automata. In the proposed framework, 
an approximation is itself a stochastic hybrid system, which can be used as a replacement of the original 
stochastic hybrid system in a controller design process. We employ a notion of so-called stochastic simulation 
function to quantify the error between the approximation and the original system. In the first part of the 
paper, we derive sufficient conditions which facilitate the compositional quantification of the error between the 
interconnection of stochastic hybrid subsystems and that of their approximations using the quantified error 
between the stochastic hybrid subsystems and their corresponding approximations. In particular, we show how 
to construct stochastic simulation functions for approximations of interconnected stochastic hybrid systems 
using the stochastic simulation function for the approximation of each component. In the second part of the 
paper, we focus on a specific class of stochastic hybrid systems, namely, jump linear stochastic systems, and 
propose a constructive scheme to determine approximations together with their stochastic simulation functions 
for this class of systems. Finally, we illustrate the effectiveness of the proposed results by constructing an 
approximation of the interconnection of four jump linear stochastic subsystems in a compositional way. 


1. Introduction 

Stochastic hybrid systems are a general class of dynamical systems consisting of continuous and discrete 
dynamics subject to probabilistic noise and events. In the past few years, this class of systems has become 
ubiquitous in many different fields due to the need for a rigorous modeling framework for many safety-critical
applications. Examples of those applications include air traffic control [GL04], biochemistry [SH10],
communication networks [Hes04], and systems biology [HWS04]. The design of controllers to enforce certain
given complex specifications, e.g. those expressed via formulae in linear temporal logic (LTL) [BK08], in a
reliable and cost effective way is a grand challenge in the study of many of those safety-critical applications.
One promising direction to achieve those objectives is the use of simpler (in)finite approximations of the given
systems as a replacement in the controller design process. Those approximations allow us to design controllers
for them and then refine the controllers to the ones for the concrete complex systems, while providing us with
the quantified errors in this detour controller synthesis scheme.

In the past few years there have been several results on the (in)finite approximations of continuous-time 
stochastic (hybrid) systems. Existing results include the construction of finite approximations for stochastic 
dynamical systems under contractivity assumptions [Aba09], restricted to models with no control inputs, a
finite Markov decision process approximation of a linear stochastic control system [LAB09], however without
a quantitative relationship between approximation and concrete model, and the construction of finite bisimilar
abstractions for stochastic control systems [ZMM+14, ZTA14], for stochastic switched systems [ZAG15], for
randomly switched stochastic systems [ZA14], and the construction of sound finite abstractions for stochastic
control systems without any stability property [ZMAL12]. Further, the results in [JP09] check the relationship
between infinite approximations and a given class of stochastic hybrid systems via a notion of stochastic
(bi)simulation functions. However, the results in [JP09] do not provide any approximations and moreover
appear to be computationally intractable in the case of systems with inputs because one is required to solve a game
in order to quantify the approximation error. Note that all the proposed results in [Aba09, LAB09, ZMM+14,
ZTA14, ZAG15, ZA14, ZMAL12, JP09] take a monolithic view of continuous-time stochastic (hybrid) systems,
where the entire system is approximated. This monolithic view interacts badly with the construction of 
approximations, whose complexity grows (possibly exponentially) in the number of continuous state variables 
in the model. 

In this paper, we provide a compositional framework for the construction of infinite approximations of the 
interconnection of a class of stochastic hybrid systems, in which the continuous dynamics are modeled by 
stochastic differential equations and the switches are modeled as Poisson processes. As special cases, this 
class of systems includes both jump linear stochastic systems (JLSS) and linear stochastic hybrid automata 
[JP09]. Our approximation framework is based on a new notion of stochastic simulation functions. In this
framework, an approximation, which is itself a stochastic hybrid system (potentially with lower dimension 
and simpler interconnection topology), acts as a substitute in the controller design process. The stochastic 
simulation function is used to quantify the error in this detour controller synthesis scheme. Although an 
approximation in our framework might not be directly amenable to algorithmic synthesis methods based 
on automata-theoretic concepts [MPS95] which require finite approximations, our approach facilitates the
construction of potentially lower-dimensional less-interconnected stochastic hybrid systems as approximations
and, hence, can be interpreted as the first pre-processing step in the construction of a finite approximation.

In the first part of the paper, we derive sufficient small-gain type conditions, similar to the ones in [DIW11],
under which one can quantify the error between the interconnection of stochastic hybrid subsystems and that 
of their approximations in a compositional way by using the errors between stochastic hybrid subsystems 
and their approximations. In the second part of the paper, we focus on JLSS and propose a computational 
scheme to construct infinite approximations of this class of systems, together with the corresponding stochastic 
simulation functions. To show the effectiveness of the proposed results, we construct an approximation (two 
disjoint 3 dimensional JLSS) of the interconnection of four JLSS (overall 10 dimensions) in a compositional 
way and then use the approximation in order to design a safety controller for the original interconnected 
system. Note that the controller synthesis would not have been possible without the use of the approximation. 

The recent work in [RZ15] provides a compositional scheme for the construction of infinite approximations 
of interconnected deterministic control systems without any hybrid dynamic. The results in this paper are 
complementary to the ones in [RZ15] as we extend our focus to the class of stochastic hybrid systems. A
preliminary investigation of our results on the compositional construction of infinite approximations of interconnected
stochastic hybrid systems appeared in [Zam14]. In this paper we present a detailed and mature
description of the results announced in [Zam14], including proposing a new notion of stochastic simulation
functions which is computationally more tractable in the case of systems with inputs and providing constructive 
means to compute approximations of JLSS. 

2. Stochastic Hybrid Systems 

2.1. Notation. We denote by $\mathbb{N}$ the set of nonnegative integer numbers and by $\mathbb{R}$ the set of real numbers. We
annotate those symbols with subscripts to restrict them in the obvious way, e.g. $\mathbb{R}_{>0}$ denotes the positive real
numbers. The symbols $I_n$, $0_n$, and $0_{n\times m}$ denote the identity matrix, zero vector, and zero matrix in
$\mathbb{R}^{n\times n}$, $\mathbb{R}^n$, and $\mathbb{R}^{n\times m}$, respectively. For $a,b\in\mathbb{R}$ with $a\le b$, we denote the closed, open, and half-open intervals in
$\mathbb{R}$ by $[a,b]$, $]a,b[$, and $]a,b]$, respectively. For $a,b\in\mathbb{N}$ and $a\le b$, we use $[a;b]$, $]a;b[$, $[a;b[$, and $]a;b]$ to
denote the corresponding intervals in $\mathbb{N}$. Given $N\in\mathbb{N}_{\ge 1}$, vectors $x_i\in\mathbb{R}^{n_i}$, $n_i\in\mathbb{N}_{\ge 1}$ and $i\in[1;N]$, we use
$x=[x_1;\ldots;x_N]$ to denote the vector in $\mathbb{R}^n$ with $n=\sum_{i=1}^N n_i$. Similarly, we use $X=[X_1;\ldots;X_N]$ to denote
the matrix in $\mathbb{R}^{n\times m}$ with $n=\sum_{i=1}^N n_i$, given $N\in\mathbb{N}_{\ge 1}$, matrices $X_i\in\mathbb{R}^{n_i\times m}$, $n_i\in\mathbb{N}_{\ge 1}$, and $i\in[1;N]$. Given
a vector $x\in\mathbb{R}^n$, we denote by $\|x\|$ the Euclidean norm of $x$. The distance of a point $x\in\mathbb{R}^n$ to a set $D\subseteq\mathbb{R}^n$
is defined as $\|x\|_D=\inf_{d\in D}\|x-d\|$. Given a matrix $P=\{p_{ij}\}\in\mathbb{R}^{n\times n}$, we denote by $\mathrm{Tr}(P)=\sum_{i=1}^n p_{ii}$ the
trace of $P$.

Given a function $f:\mathbb{R}^n\to\mathbb{R}^m$ and $\bar x\in\mathbb{R}^m$, we use $f\equiv\bar x$ to denote that $f(x)=\bar x$ for all $x\in\mathbb{R}^n$. If $\bar x$ is the
zero vector, we simply write $f\equiv 0$. Given a function $f:\mathbb{R}_{\ge 0}\to\mathbb{R}^n$, the (essential) supremum of $f$ is denoted
by $\|f\|_\infty:=(\mathrm{ess})\sup\{\|f(t)\|,\ t\ge 0\}$. Measurability throughout this paper refers to Borel measurability. A
continuous function $\gamma:\mathbb{R}_{\ge 0}\to\mathbb{R}_{\ge 0}$ is said to belong to class $\mathcal{K}$ if it is strictly increasing and $\gamma(0)=0$; $\gamma$ is
said to belong to class $\mathcal{K}_\infty$ if $\gamma\in\mathcal{K}$ and $\gamma(r)\to\infty$ as $r\to\infty$. A continuous function $\beta:\mathbb{R}_{\ge 0}\times\mathbb{R}_{\ge 0}\to\mathbb{R}_{\ge 0}$
is said to belong to class $\mathcal{KL}$ if, for each fixed $t$, the map $\beta(r,t)$ belongs to class $\mathcal{K}$ with respect to $r$ and, for
each fixed nonzero $r$, the map $\beta(r,t)$ is decreasing with respect to $t$ and $\beta(r,t)\to 0$ as $t\to\infty$.

2.2. Stochastic hybrid systems. Let $(\Omega,\mathcal{F},\mathbb{P})$ be a probability space endowed with a filtration $\mathbb{F}=(\mathcal{F}_s)_{s\ge 0}$
satisfying the usual conditions of completeness and right continuity [KS91, p. 48]. Let $(W_s)_{s\ge 0}$ be a $\tilde p$-dimensional
$\mathbb{F}$-Brownian motion and $(P_s)_{s\ge 0}$ be a $\tilde q$-dimensional $\mathbb{F}$-Poisson process. We assume that the Poisson
process and the Brownian motion are independent of each other. The Poisson process $P_s:=[P_s^1;\ldots;P_s^{\tilde q}]$
models $\tilde q$ kinds of events whose occurrences are assumed to be independent of each other.

Definition 2.1. The class of stochastic hybrid systems with which we deal in this paper is the tuple $\Sigma=(\mathbb{R}^n,\mathbb{R}^m,\mathbb{R}^p,\mathcal{U},\mathcal{W},f,\sigma,r,\mathbb{R}^q,h)$,
where $\mathbb{R}^n$, $\mathbb{R}^m$, $\mathbb{R}^p$, and $\mathbb{R}^q$ are the state, external input, internal input, and
output spaces, respectively, and

• $\mathcal{U}$ is a subset of the set of all $\mathbb{F}$-progressively measurable processes with values in $\mathbb{R}^m$; see [KS91, Def. 1.11];

• $\mathcal{W}$ is a subset of the set of all $\mathbb{F}$-progressively measurable processes with values in $\mathbb{R}^p$;

• $f:\mathbb{R}^n\times\mathbb{R}^m\times\mathbb{R}^p\to\mathbb{R}^n$ is the drift term which is globally Lipschitz continuous: there exist constants
$L_x,L_u,L_w\in\mathbb{R}_{\ge 0}$ such that: $\|f(x,u,w)-f(x',u',w')\|\le L_x\|x-x'\|+L_u\|u-u'\|+L_w\|w-w'\|$ for all
$x,x'\in\mathbb{R}^n$, all $u,u'\in\mathbb{R}^m$, and all $w,w'\in\mathbb{R}^p$;

• $\sigma:\mathbb{R}^n\to\mathbb{R}^{n\times\tilde p}$ is the diffusion term which is globally Lipschitz continuous;

• $r:\mathbb{R}^n\to\mathbb{R}^{n\times\tilde q}$ is the reset function which is globally Lipschitz continuous;

• $h:\mathbb{R}^n\to\mathbb{R}^q$ is the output map.

A stochastic hybrid system $\Sigma$ satisfies

$\mathbb{P}$-almost surely ($\mathbb{P}$-a.s.) for any $\nu\in\mathcal{U}$ and any $\omega\in\mathcal{W}$, where stochastic process $\xi:\Omega\times\mathbb{R}_{\ge 0}\to\mathbb{R}^n$ is called
a solution process of $\Sigma$ and stochastic process $\zeta:\Omega\times\mathbb{R}_{\ge 0}\to\mathbb{R}^q$ is called an output trajectory of $\Sigma$. We call
the tuple $(\xi,\zeta,\nu,\omega)$ a trajectory of $\Sigma$, consisting of a solution process $\xi$, an output trajectory $\zeta$, and input
trajectories $\nu$ and $\omega$, that satisfies (2.1) $\mathbb{P}$-a.s. We also write $\xi_{a\nu\omega}(t)$ to denote the value of the solution
process at time $t\in\mathbb{R}_{\ge 0}$ under the input trajectories $\nu$ and $\omega$ from initial condition $\xi_{a\nu\omega}(0)=a$ $\mathbb{P}$-a.s., in
which $a$ is a random variable that is $\mathcal{F}_0$-measurable. We denote by $\zeta_{a\nu\omega}$ the output trajectory corresponding
to the solution process $\xi_{a\nu\omega}$. Here, we assume that the Poisson processes $P_s^i$, for any $i\in[1;\tilde q]$, have the rates
of $\lambda_i$. We emphasize that the postulated assumptions on $f$, $\sigma$, and $r$ ensure existence, uniqueness, and strong
Markov property of the solution processes [Bor89].

Remark 2.2. We refer the interested readers to Section IV in [JP09] showing how one can cast linear stochastic
hybrid automata (LSHA) as jump linear stochastic systems (JLSS) (cf. Section 5) which are a specific
class of the ones introduced in Definition 2.1.


3. Stochastic Simulation Function 


Before introducing the notion of stochastic simulation functions, we first need to define the infinitesimal 
generator of a stochastic process. 


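Definition 3.1. Let $\Sigma=(\mathbb{R}^n,\mathbb{R}^m,\mathbb{R}^p,\mathcal{U},\mathcal{W},f,\sigma,r,\mathbb{R}^q,h)$ and $\hat\Sigma=(\mathbb{R}^{\hat n},\mathbb{R}^{\hat m},\mathbb{R}^{\hat p},\hat{\mathcal{U}},\hat{\mathcal{W}},\hat f,\hat\sigma,\hat r,\mathbb{R}^{\hat q},\hat h)$ be two
stochastic hybrid systems with solution processes $\xi$ and $\hat\xi$, respectively. Consider a twice continuously differentiable
function $V:\mathbb{R}^n\times\mathbb{R}^{\hat n}\to\mathbb{R}_{\ge 0}$. The infinitesimal generator of the stochastic process $\Xi=[\xi;\hat\xi]$, denoted
by $\mathcal{L}$, acting on function $V$ is defined in [ØS05, Section 1.3] as:

$$\mathcal{L}V(x,\hat x) := \begin{bmatrix}\partial_x V & \partial_{\hat x}V\end{bmatrix}\begin{bmatrix} f(x,u,w)\\ \hat f(\hat x,\hat u,\hat w)\end{bmatrix} + \frac{1}{2}\mathrm{Tr}\left(\begin{bmatrix}\sigma(x)\\ \hat\sigma(\hat x)\end{bmatrix}\begin{bmatrix}\sigma^T(x) & \hat\sigma^T(\hat x)\end{bmatrix}\begin{bmatrix}\partial_{x,x}V & \partial_{x,\hat x}V\\ \partial_{\hat x,x}V & \partial_{\hat x,\hat x}V\end{bmatrix}\right) + \sum_{i=1}^{\tilde q}\lambda_i\left(V(x+r(x)e_i,\ \hat x+\hat r(\hat x)e_i)-V(x,\hat x)\right), \tag{3.1}$$

for every $x\in\mathbb{R}^n$, $\hat x\in\mathbb{R}^{\hat n}$, $u\in\mathbb{R}^m$, $\hat u\in\mathbb{R}^{\hat m}$, $w\in\mathbb{R}^p$, and $\hat w\in\mathbb{R}^{\hat p}$.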


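Now, we introduce a notion of stochastic simulation functions, inspired by the notion of simulation function
in [RZ15] for deterministic control systems, distinguishing the role of internal and external inputs.

Definition 3.2. Let $\Sigma=(\mathbb{R}^n,\mathbb{R}^m,\mathbb{R}^p,\mathcal{U},\mathcal{W},f,\sigma,r,\mathbb{R}^q,h)$ and $\hat\Sigma=(\mathbb{R}^{\hat n},\mathbb{R}^{\hat m},\mathbb{R}^p,\hat{\mathcal{U}},\hat{\mathcal{W}},\hat f,\hat\sigma,\hat r,\mathbb{R}^q,\hat h)$ be two
stochastic hybrid systems with the same internal input and output space dimension. A twice continuously
differentiable function $V:\mathbb{R}^n\times\mathbb{R}^{\hat n}\to\mathbb{R}_{\ge 0}$ is called a stochastic simulation function from $\hat\Sigma$ to $\Sigma$ in the $k$th
moment (SSF-M$_k$), where $k\ge 1$, if it has polynomial growth rate and for any $x\in\mathbb{R}^n$ and $\hat x\in\mathbb{R}^{\hat n}$ one has

$$\alpha(\|h(x)-\hat h(\hat x)\|^k)\le V(x,\hat x), \tag{3.2}$$

and $\forall\hat u\in\mathbb{R}^{\hat m}$ $\forall\hat w\in\mathbb{R}^p$ $\exists u\in\mathbb{R}^m$ $\forall w\in\mathbb{R}^p$ one obtains

$$\mathcal{L}V(x,\hat x)\le-\eta(V(x,\hat x))+\rho_{\mathrm{ext}}(\|\hat u\|^k)+\rho_{\mathrm{int}}(\|w-\hat w\|^k), \tag{3.3}$$

for some $\mathcal{K}_\infty$ functions $\alpha,\eta,\rho_{\mathrm{ext}},\rho_{\mathrm{int}}$, where $e_i\in\mathbb{R}^{\tilde q}$ denotes the vector with 1 in the $i$th coordinate and 0's
elsewhere, $\alpha,\eta$ are convex functions, and $\rho_{\mathrm{ext}},\rho_{\mathrm{int}}$ are concave ones.

In the above definition, the symbols $\partial_x$ and $\partial_{x,\hat x}$ denote the first and the second order partial derivatives with
respect to $x$ and $x$ and $\hat x$, respectively.

We say that a stochastic hybrid system $\hat\Sigma$ is approximately alternatingly simulated in the $k$th moment by
a stochastic hybrid system $\Sigma$ or $\Sigma$ approximately alternatingly simulates in the $k$th moment $\hat\Sigma$, denoted by
$\hat\Sigma\preceq^{k}_{\mathcal{AS}}\Sigma$, if there exists an SSF-M$_k$ function $V$ from $\hat\Sigma$ to $\Sigma$. We call $\hat\Sigma$ an abstraction of $\Sigma$.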


Remark 3.3. Note that the notion of SSF-M$_k$ here is different from the notion of stochastic simulation
function in [JP09, Definition 2] requiring the existence of a supermartingale function [Oks02, Appendix C]
whose construction is computationally intractable in the case of (even linear) systems with inputs because one
is required to solve a game to compute this function. On the other hand, the notion of stochastic (bi)simulation
function in [JP09] is stronger than the notion of SSF-M$_k$ as it provides a lower bound on the probability of
satisfaction of specifications for which satisfiability can be obtained at all time instances rather than for a
bounded time horizon (cf. Proposition 3.7) or at single time instances (cf. Proposition 3.8). We refer the
interested readers to Subsection V.B in [ZMM+14] for more detailed information about those differences in
satisfiability.


Remark 3.4. If the drift, diffusion, and reset terms in $\Sigma$ and $\hat\Sigma$ in Definition 3.2 are polynomial, one can
use some sum of squares based semidefinite programming tools, such as SOSTOOLS [PAV+13, Subsection 4.2],
in order to efficiently search for a (sum of squares) SSF-M$_k$ function from $\hat\Sigma$ to $\Sigma$ which may not exist in
general.


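The following theorem shows the importance of the existence of an SSF-M$_k$ function by quantifying the error
between the behaviors of $\Sigma$ and the ones of its abstraction $\hat\Sigma$.

Theorem 3.5. Let $\Sigma=(\mathbb{R}^n,\mathbb{R}^m,\mathbb{R}^p,\mathcal{U},\mathcal{W},f,\sigma,r,\mathbb{R}^q,h)$ and $\hat\Sigma=(\mathbb{R}^{\hat n},\mathbb{R}^{\hat m},\mathbb{R}^p,\hat{\mathcal{U}},\hat{\mathcal{W}},\hat f,\hat\sigma,\hat r,\mathbb{R}^q,\hat h)$. Suppose
$V$ is an SSF-M$_k$ function from $\hat\Sigma$ to $\Sigma$. Then, there exist a $\mathcal{KL}$ function $\beta$ and $\mathcal{K}_\infty$ functions $\gamma_{\mathrm{ext}}$, $\gamma_{\mathrm{int}}$ such
that for any $\hat\nu\in\hat{\mathcal{U}}$, any $\hat\omega\in\hat{\mathcal{W}}$, and any random variable $a$ and $\hat a$ that are $\mathcal{F}_0$-measurable¹, there exists $\nu\in\mathcal{U}$
such that for all $\omega\in\mathcal{W}$ the following inequality holds:

$$\mathbb{E}[\|\zeta_{a\nu\omega}(t)-\hat\zeta_{\hat a\hat\nu\hat\omega}(t)\|^k]\le\beta(\mathbb{E}[V(a,\hat a)],t)+\gamma_{\mathrm{ext}}(\mathbb{E}[\|\hat\nu\|_\infty^k])+\gamma_{\mathrm{int}}(\mathbb{E}[\|\omega-\hat\omega\|_\infty^k]). \tag{3.4}$$

¹Note that $\mathcal{F}_0$ may be the trivial sigma-algebra, i.e., $a$ and $\hat a$ are deterministic initial conditions.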


The proof of Theorem 3.5 requires the following preparatory lemma and is provided in the Appendix.

Lemma 3.6. Let $\rho$ be a non-negative constant and $\eta$ be a $\mathcal{K}_\infty$ function. Suppose that the function $y:\mathbb{R}_{\ge 0}\to\mathbb{R}_{\ge 0}$
is continuous and we have $y(t)\le y(t_0)+\int_{t_0}^{t}[-\eta(y(\tau))+\rho]\,d\tau$ for all $t\ge t_0\ge 0$. Then, there exists a $\mathcal{KL}$
function $\vartheta$ such that

$$y(t)\le\max\{\vartheta(y(0),t),\ \eta^{-1}(2\rho)\},\quad\forall t\ge 0.$$

The proof of Lemma 3.6 is provided in the Appendix.


Note that the importance of the result provided in Theorem 3.5 is that one can synthesize a controller for
the abstraction $\hat\Sigma$, which is potentially easier (e.g., lower dimension and simpler interconnection topology) to
enforce some complex specification, for example given in LTL. Then there exists a controller for the concrete
stochastic hybrid system $\Sigma$ satisfying the same complex specification. The error, introduced in the design
process by taking the detour through the abstraction, is quantified by inequality (3.4). In Section 5 we show
how one can actually refine a controller designed for the abstract JLSS to a controller for the original JLSS
via a so-called interface function.

The notion of stochastic simulation function in this work can also be used to lower bound the probability that 
the Euclidean distance between any output trajectory of the abstract model and the corresponding one of the 
concrete model remains close. 

We make the above statement more precise with the following results. 

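Proposition 3.7. Let $\Sigma$ and $\hat\Sigma$ be two stochastic hybrid systems with the same internal input and output
space dimension. Suppose $V$ is an SSF-M$_k$ function from $\hat\Sigma$ to $\Sigma$ and the $\mathcal{K}_\infty$ function $\eta$ in (3.3) satisfies
$\eta(r)\ge\theta r$ for some $\theta\in\mathbb{R}_{>0}$ and any $r\in\mathbb{R}_{\ge 0}$. For any $\hat\nu\in\hat{\mathcal{U}}$, any $\hat\omega\in\hat{\mathcal{W}}$, and any random variable $a$ and $\hat a$
that are $\mathcal{F}_0$-measurable, there exists $\nu\in\mathcal{U}$ such that for all $\omega\in\mathcal{W}$ the following inequalities (3.5) and (3.6)
hold provided that there exists a constant $\epsilon\ge 0$ satisfying $\epsilon\ge\rho_{\mathrm{ext}}(\|\hat\nu\|_\infty^k)+\rho_{\mathrm{int}}(\|\omega-\hat\omega\|_\infty^k)$:

$$\mathbb{P}\left\{\sup_{0\le t\le T}\|\zeta_{a\nu\omega}(t)-\hat\zeta_{\hat a\hat\nu\hat\omega}(t)\|>\varepsilon\ \Big|\ [a;\hat a]\right\}\le 1-\left(1-\frac{V(a,\hat a)}{\alpha(\varepsilon^k)}\right)e^{-\frac{\epsilon T}{\alpha(\varepsilon^k)}},\quad\text{if }\alpha(\varepsilon^k)\ge\frac{\epsilon}{\theta}, \tag{3.5}$$

$$\mathbb{P}\left\{\sup_{0\le t\le T}\|\zeta_{a\nu\omega}(t)-\hat\zeta_{\hat a\hat\nu\hat\omega}(t)\|>\varepsilon\ \Big|\ [a;\hat a]\right\}\le\frac{\theta V(a,\hat a)+(e^{T\theta}-1)\epsilon}{\theta\,\alpha(\varepsilon^k)\,e^{T\theta}},\quad\text{if }\alpha(\varepsilon^k)\le\frac{\epsilon}{\theta}. \tag{3.6}$$

The proof of Proposition 3.7 is provided in the Appendix.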


As an alternative to the previous result, we now use the notion of stochastic simulation function to lower
bound the probability of the Euclidean distance between any output trajectory of the abstract model and the
corresponding one of the concrete model point-wise in time: this error bound is sufficient to work with those
specifications for which satisfiability can be achieved at single time instances, such as next ($\bigcirc$) and eventually
($\Diamond$) in LTL. Please look at the explanation after the proof of Proposition 5.11 in [ZMM+14] for more details.

Proposition 3.8. Let $\Sigma$ and $\hat\Sigma$ be two stochastic hybrid systems with the same internal input and output space
dimension. Suppose $V$ is an SSF-M$_k$ function from $\hat\Sigma$ to $\Sigma$. For any $\hat\nu\in\hat{\mathcal{U}}$, any $\hat\omega\in\hat{\mathcal{W}}$, and any random
variable $a$ and $\hat a$ that are $\mathcal{F}_0$-measurable, there exists $\nu\in\mathcal{U}$ such that for all $\omega\in\mathcal{W}$ the following inequality
holds for all $t\in\mathbb{R}_{\ge 0}$:

$$\mathbb{P}\left\{\|\zeta_{a\nu\omega}(t)-\hat\zeta_{\hat a\hat\nu\hat\omega}(t)\|>\varepsilon\right\}\le\frac{\left(\beta(\mathbb{E}[V(a,\hat a)],t)+\gamma_{\mathrm{ext}}(\mathbb{E}[\|\hat\nu\|_\infty^k])+\gamma_{\mathrm{int}}(\mathbb{E}[\|\omega-\hat\omega\|_\infty^k])\right)^{\frac{1}{k}}}{\varepsilon}, \tag{3.7}$$

where $\beta$, $\gamma_{\mathrm{ext}}$, and $\gamma_{\mathrm{int}}$ are the functions appearing in (3.4).

The proof of Proposition 3.8 is provided in the Appendix.


In the next section, we work with interconnected stochastic hybrid systems without internal inputs, resulting
from the interconnection of stochastic hybrid subsystems having both internal and external signals. In this
case, the interconnected stochastic hybrid systems reduce to the tuple $\Sigma=(\mathbb{R}^n,\mathbb{R}^m,\mathcal{U},f,\sigma,r,\mathbb{R}^q,h)$ and the
drift term becomes $f:\mathbb{R}^n\times\mathbb{R}^m\to\mathbb{R}^n$. In this view, inequality (3.3) is not quantified over $w,\hat w\in\mathbb{R}^p$ and,
hence, the term $\rho_{\mathrm{int}}(\|w-\hat w\|^k)$ is omitted as well. Similarly, the results in Theorem 3.5 and Propositions 3.7
and 3.8 are modified accordingly, i.e., for systems without internal inputs the inequalities (3.4), (3.5), (3.6),
and (3.7) are not quantified over $\omega,\hat\omega\in\mathcal{W}$ and, hence, the term $\gamma_{\mathrm{int}}(\mathbb{E}[\|\omega-\hat\omega\|_\infty^k])$ is omitted in inequalities
(3.4) and (3.7) and $\epsilon$ is lower bounded as $\epsilon\ge\rho_{\mathrm{ext}}(\|\hat\nu\|_\infty^k)$ in Proposition 3.7 as well.


The next corollary provides a similar result as the one of Proposition 3.7 but by considering an infinite time
horizon and interconnected stochastic hybrid systems and assuming $\hat\nu\equiv 0$, resulting in $\epsilon=0$. The relation
proposed in this corollary recovers the one proposed in [JP09, Theorem 3].

Corollary 3.9. Let $\Sigma$ and $\hat\Sigma$ be two interconnected stochastic hybrid systems with the same output space
dimension. Suppose $V$ is an SSF-M$_k$ function from $\hat\Sigma$ to $\Sigma$. For $\hat\nu\equiv 0$ and any random variable $a$ and $\hat a$ that
are $\mathcal{F}_0$-measurable, there exists $\nu\in\mathcal{U}$ such that the following inequality holds:

$$\mathbb{P}\left\{\sup_{0\le t<\infty}\|\zeta_{a\nu}(t)-\hat\zeta_{\hat a 0}(t)\|>\varepsilon\ \Big|\ [a;\hat a]\right\}\le\frac{V(a,\hat a)}{\alpha(\varepsilon^k)}.$$

The proof of Corollary 3.9 is provided in the Appendix.

Note that under the assumptions of Corollary 3.9 any SSF-M$_k$ function is also a stochastic simulation function
as in [JP09].


4. COMPOSITIONALITY RESULT 


In this section, we analyze interconnected stochastic hybrid systems and show how to construct an abstraction 
of an interconnected stochastic hybrid system together with the corresponding stochastic simulation function. 
The definition of the interconnected stochastic hybrid system is based on the notion of interconnected systems 
introduced in [TI08].


4.1. Interconnected stochastic hybrid systems. We consider $N\in\mathbb{N}_{\ge 1}$ stochastic hybrid subsystems

$$\Sigma_i=(\mathbb{R}^{n_i},\mathbb{R}^{m_i},\mathbb{R}^{p_i},\mathcal{U}_i,\mathcal{W}_i,f_i,\sigma_i,r_i,\mathbb{R}^{q_i},h_i),\quad i\in[1;N],$$

with partitioned internal inputs and outputs

$$w_i=[w_{i1};\ldots;w_{i(i-1)};w_{i(i+1)};\ldots;w_{iN}],\quad w_{ij}\in\mathbb{R}^{p_{ij}},\qquad y_i=[y_{i1};\ldots;y_{iN}],\quad y_{ij}\in\mathbb{R}^{q_{ij}}, \tag{4.1}$$

and output function

$$h_i(x_i)=[h_{i1}(x_i);\ldots;h_{iN}(x_i)], \tag{4.2}$$

as depicted schematically in Figure 1.

Figure 1. Input/output configuration of stochastic hybrid subsystem $\Sigma_i$.

We interpret the outputs $y_{ii}$ as external ones, whereas the outputs $y_{ij}$ with $i\ne j$ are internal ones which are
used to define the interconnected stochastic hybrid systems. In particular, we assume that the dimension of
$w_{ij}$ is equal to the dimension of $y_{ji}$, i.e., the following interconnection constraints hold:

$$p_{ij}=q_{ji},\quad\forall i,j\in[1;N],\ i\ne j. \tag{4.3}$$

If there is no connection from stochastic hybrid subsystem $\Sigma_i$ to $\Sigma_j$, then we assume that the connecting
output function is identically zero for all arguments, i.e., $h_{ij}\equiv 0$. We define the interconnected stochastic
hybrid system as the following.


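Definition 4.1. Consider $N\in\mathbb{N}_{\ge 1}$ stochastic hybrid subsystems $\Sigma_i=(\mathbb{R}^{n_i},\mathbb{R}^{m_i},\mathbb{R}^{p_i},\mathcal{U}_i,\mathcal{W}_i,f_i,\sigma_i,r_i,\mathbb{R}^{q_i},h_i)$,
$i\in[1;N]$, with the input-output configuration given by (4.1)-(4.3). The interconnected stochastic hybrid
system $\Sigma=(\mathbb{R}^n,\mathbb{R}^m,\mathcal{U},f,\sigma,r,\mathbb{R}^q,h)$, denoted $\mathcal{I}(\Sigma_1,\ldots,\Sigma_N)$, follows by $n=\sum_{i=1}^N n_i$, $m=\sum_{i=1}^N m_i$,
$q=\sum_{i=1}^N q_{ii}$, and functions

$$\begin{aligned} f(x,u)&:=[f_1(x_1,u_1,w_1);\ldots;f_N(x_N,u_N,w_N)],\\ \sigma(x)&:=[\sigma_1(x_1);\ldots;\sigma_N(x_N)],\\ r(x)&:=[r_1(x_1);\ldots;r_N(x_N)],\\ h(x)&:=[h_{11}(x_1);\ldots;h_{NN}(x_N)], \end{aligned}$$

where $u=[u_1;\ldots;u_N]$ and $x=[x_1;\ldots;x_N]$ and with the interconnection variables constrained by $w_{ij}=y_{ji}$
for all $i,j\in[1;N]$, $i\ne j$.

The interconnection of two stochastic hybrid subsystems $\Sigma_i$ and $\Sigma_j$ from a group of $N$ subsystems is illustrated
in Figure 2.

Figure 2. Interconnection of two stochastic hybrid subsystems $\Sigma_i$ and $\Sigma_j$.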


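4.2. Compositional construction of abstractions and simulation functions. We assume that we are
given $N$ stochastic hybrid subsystems $\Sigma_i=(\mathbb{R}^{n_i},\mathbb{R}^{m_i},\mathbb{R}^{p_i},\mathcal{U}_i,\mathcal{W}_i,f_i,\sigma_i,r_i,\mathbb{R}^{q_i},h_i)$, together with their corresponding
abstractions $\hat\Sigma_i=(\mathbb{R}^{\hat n_i},\mathbb{R}^{\hat m_i},\mathbb{R}^{p_i},\hat{\mathcal{U}}_i,\hat{\mathcal{W}}_i,\hat f_i,\hat\sigma_i,\hat r_i,\mathbb{R}^{q_i},\hat h_i)$ and with SSF-M$_k$ functions $V_i$ from $\hat\Sigma_i$ to
$\Sigma_i$. In order to provide the main compositionality result, we require the following assumption:

Assumption 1. For any $i,j\in[1;N]$, $i\ne j$, there exist $\mathcal{K}_\infty$ convex functions $\gamma_i$ and constants $\lambda_i\in\mathbb{R}_{>0}$ and
$\delta_{ij}\in\mathbb{R}_{\ge 0}$ such that for any $s\in\mathbb{R}_{\ge 0}$

$$\eta_i(s)\ge\lambda_i\gamma_i(s) \tag{4.4a}$$

$$h_{ji}\equiv 0\implies\delta_{ij}=0\quad\text{and} \tag{4.4b}$$

$$h_{ji}\not\equiv 0\implies\rho_{i\mathrm{int}}\left((N-1)^{\max\{\frac{k}{2},1\}}\alpha_j^{-1}(s)\right)\le\delta_{ij}\gamma_j(s), \tag{4.4c}$$

where $\eta_i$, $\alpha_i$, and $\rho_{i\mathrm{int}}$ represent the corresponding $\mathcal{K}_\infty$ functions of subsystems $\Sigma_i$ appearing in Definition 3.2.

For notational simplicity in the rest of the paper, we define matrices $\Lambda$ and $\Delta$ in $\mathbb{R}^{N\times N}$ with their components
given by $\Lambda_{ii}=\lambda_i$, $\Delta_{ii}=0$ for $i\in[1;N]$ and $\Lambda_{ij}=0$, $\Delta_{ij}=\delta_{ij}$ for $i,j\in[1;N]$, $i\ne j$. Moreover, we define
$\Gamma(\vec s):=[\gamma_1(s_1);\ldots;\gamma_N(s_N)]$, where $\vec s=[s_1;\ldots;s_N]$.

The next theorem provides a compositional approach on the construction of abstractions of interconnected
stochastic hybrid systems and that of the corresponding SSF-M$_k$ functions.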


Theorem 4.2. Consider the interconnected stochastic hybrid system $\Sigma=\mathcal{I}(\Sigma_1,\ldots,\Sigma_N)$ induced by $N\in\mathbb{N}_{\ge 1}$
stochastic hybrid subsystems $\Sigma_i$. Suppose that each stochastic hybrid subsystem $\Sigma_i$ approximately alternatingly
simulates a stochastic hybrid subsystem $\hat\Sigma_i$ with the corresponding SSF-M$_k$ function $V_i$. If Assumption 1 holds
and there exists a vector $\mu\in\mathbb{R}^N_{>0}$ such that the inequality

$$\mu^T(-\Lambda+\Delta)<0 \tag{4.5}$$

is satisfied, then

$$V(x,\hat x):=\sum_{i=1}^N\mu_iV_i(x_i,\hat x_i)$$

is an SSF-M$_k$ function from $\hat\Sigma=\mathcal{I}(\hat\Sigma_1,\ldots,\hat\Sigma_N)$ to $\Sigma$.


Proof. Note that for any $x=[x_1;\ldots;x_N]$, where $x_i\in\mathbb{R}^{n_i}$ and $i\in[1;N]$, one obtains:

$$\|x\|^k\le\sum_{i=1}^N\|x_i\|^k$$

for any $k\in[1,2]$ due to triangle inequality and appropriate equivalency between different norms and

$$\|x\|^k=(\|x\|^2)^{\frac{k}{2}}=\left(\sum_{i=1}^N\|x_i\|^2\right)^{\frac{k}{2}}\le N^{\frac{k}{2}-1}\sum_{i=1}^N\|x_i\|^k$$

for any $k>2$ due to Jensen's inequality [BV09] for convex functions. By combining the previous inequalities,
one gets

$$\|x\|^k\le N^{\max\{\frac{k}{2},1\}-1}\sum_{i=1}^N\|x_i\|^k \tag{4.6}$$

for any $k\ge 1$ and any $x=[x_1;\ldots;x_N]$, where $x_i\in\mathbb{R}^{n_i}$ and $i\in[1;N]$.


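First we show that inequality (3.2) holds for some convex $\mathcal{K}_\infty$ function $\alpha$. Using (4.6), for any $x=[x_1;\ldots;x_N]\in\mathbb{R}^n$
and $\hat x=[\hat x_1;\ldots;\hat x_N]\in\mathbb{R}^{\hat n}$, one gets:

$$\|h(x)-\hat h(\hat x)\|^k\le N^{\max\{\frac{k}{2},1\}-1}\sum_{i=1}^N\|h_{ii}(x_i)-\hat h_{ii}(\hat x_i)\|^k\le N^{\max\{\frac{k}{2},1\}-1}\sum_{i=1}^N\alpha_i^{-1}(V_i(x_i,\hat x_i))\le\bar\alpha(V(x,\hat x)),$$

where $\bar\alpha$ is a $\mathcal{K}_\infty$ function defined as

$$\bar\alpha(s):=\begin{cases}\max\limits_{\vec s\ge 0}&N^{\max\{\frac{k}{2},1\}-1}\sum_{i=1}^N\alpha_i^{-1}(s_i)\\ \text{s.t.}&\mu^T\vec s=s.\end{cases}$$

Now we show that $\bar\alpha$ is a concave function. Let us recall that by assumptions $\alpha_i$ are convex functions and,
hence, $\alpha_i^{-1}$ are concave³. Thus, from an optimization point of view, the function $\bar\alpha$ is a perturbation function
which is known to be a concave function; see [BV09, Section 5.6.1, p. 249] for further details. By defining the
convex³ $\mathcal{K}_\infty$ function $\alpha(s)=\bar\alpha^{-1}(s)$, $\forall s\in\mathbb{R}_{\ge 0}$, one obtains

$$\alpha(\|h(x)-\hat h(\hat x)\|^k)\le V(x,\hat x),$$

satisfying inequality (3.2).

²We interpret the inequality component-wise, i.e., for $x\in\mathbb{R}^N$ we have $x<0$ iff every entry $x_i<0$, $i\in\{1,\ldots,N\}$.

³Note that the inverse of a strictly increasing convex (resp. concave) function is a strictly increasing concave (resp. convex)
one.

Now we show that inequality (3.3) holds as well. Consider any $x=[x_1;\ldots;x_N]\in\mathbb{R}^n$,
$\hat x=[\hat x_1;\ldots;\hat x_N]\in\mathbb{R}^{\hat n}$, and $\hat u=[\hat u_1;\ldots;\hat u_N]\in\mathbb{R}^{\hat m}$. For any $i\in[1;N]$, there exists $u_i\in\mathbb{R}^{m_i}$, consequently,
a vector $u=[u_1;\ldots;u_N]\in\mathbb{R}^m$, satisfying (3.3) for each pair of subsystems $\Sigma_i$ and $\hat\Sigma_i$ with the internal inputs
given by $w_{ij}=h_{ji}(x_j)$ and $\hat w_{ij}=\hat h_{ji}(\hat x_j)$. We derive the chain of inequalities in (4.7), where we use the
inequalities (4.6) and:

$$\rho_{i\mathrm{int}}(r_1+\cdots+r_{N-1})\le\sum_{i=1}^{N-1}\rho_{i\mathrm{int}}((N-1)r_i),$$

which are valid for any $k\ge 1$, any $\rho_{i\mathrm{int}}\in\mathcal{K}_\infty$, and any $r_i\in\mathbb{R}_{\ge 0}$, $i\in[1;N[$. Note that if $\rho_{i\mathrm{int}}$ satisfies
the triangle inequality, one gets the less conservative inequality

$$\rho_{i\mathrm{int}}(r_1+\cdots+r_{N-1})\le\sum_{i=1}^{N-1}\rho_{i\mathrm{int}}(r_i)$$

and it suffices that (4.9) holds instead of (4.4c).

$$\begin{aligned}\mathcal{L}V(x,\hat x)&=\sum_{i=1}^N\mu_i\mathcal{L}V_i(x_i,\hat x_i)\le\sum_{i=1}^N\mu_i\left(-\eta_i(V_i(x_i,\hat x_i))+\rho_{i\mathrm{int}}(\|w_i-\hat w_i\|^k)+\rho_{i\mathrm{ext}}(\|\hat u_i\|^k)\right)\\ &\le\sum_{i=1}^N\mu_i\Big(-\eta_i(V_i(x_i,\hat x_i))+\sum_{j=1,j\ne i}^N\rho_{i\mathrm{int}}\big((N-1)^{\max\{\frac{k}{2},1\}}\|h_{ji}(x_j)-\hat h_{ji}(\hat x_j)\|^k\big)+\rho_{i\mathrm{ext}}(\|\hat u_i\|^k)\Big)\\ &\le\sum_{i=1}^N\mu_i\Big(-\eta_i(V_i(x_i,\hat x_i))+\sum_{j=1,j\ne i}^N\rho_{i\mathrm{int}}\big((N-1)^{\max\{\frac{k}{2},1\}}\alpha_j^{-1}(V_j(x_j,\hat x_j))\big)+\rho_{i\mathrm{ext}}(\|\hat u_i\|^k)\Big)\\ &\le\sum_{i=1}^N\mu_i\Big(-\lambda_i\gamma_i(V_i(x_i,\hat x_i))+\sum_{j=1,j\ne i}^N\delta_{ij}\gamma_j(V_j(x_j,\hat x_j))+\rho_{i\mathrm{ext}}(\|\hat u_i\|^k)\Big)\\ &=\mu^T(-\Lambda+\Delta)\Gamma([V_1(x_1,\hat x_1);\ldots;V_N(x_N,\hat x_N)])+\sum_{i=1}^N\mu_i\rho_{i\mathrm{ext}}(\|\hat u_i\|^k).\end{aligned} \tag{4.7}$$

Define the functions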


$$\eta(s):=\begin{cases}\min\limits_{\vec s\ge 0}&-\mu^T(-\Lambda+\Delta)\Gamma(\vec s)\\ \text{s.t.}&\mu^T\vec s=s,\end{cases} \tag{4.8a}$$

$$\rho_{\mathrm{ext}}(s):=\begin{cases}\max\limits_{\vec s\ge 0}&\sum_{i=1}^N\mu_i\rho_{i\mathrm{ext}}(s_i)\\ \text{s.t.}&\|\vec s\|\le s.\end{cases} \tag{4.8b}$$

By construction, we readily have

$$\mathcal{L}V(x,\hat x)\le-\eta(V(x,\hat x))+\rho_{\mathrm{ext}}(\|\hat u\|^k),$$

where the functions $\eta$ and $\rho_{\mathrm{ext}}$ are $\mathcal{K}_\infty$ functions. It remains to show that $\eta$ is a convex function and $\rho_{\mathrm{ext}}$ is
a concave one. Let us recall that by assumptions $\mu^T(-\Lambda+\Delta)<0$ and $\gamma_i$, the $i$-th element of $\Gamma$, is convex.
Thus, the function $\eta$ in (4.8a) is a perturbation function which is a convex one. Note that by assumption each
function $\rho_{i\mathrm{ext}}$ is concave, and for the same reason as above, the function (4.8b) is also concave. Hence, we
conclude that $V$ is an SSF-M$_k$ function from $\hat\Sigma$ to $\Sigma$. □

Figure 3. Compositionality results.


Remark 4.3. As shown in [DIW11, Lemma 3.1], a vector $\mu\in\mathbb{R}^N_{>0}$ satisfying $\mu^T(-\Lambda+\Delta)<0$ exists if and
only if the spectral radius of $\Lambda^{-1}\Delta$ is strictly less than one.
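
The feasibility check behind (4.5) and Remark 4.3, as an added example that is not code from the paper: it solves $(\Lambda-\Delta)^T\mu=\mathbf{1}$, which yields a positive $\mu$ exactly when the spectral radius of $\Lambda^{-1}\Delta$ is below one (a standard M-matrix fact), and cross-checks that radius by power iteration. The gains `LAM` and `DELTA` and all function names are constructed for illustration.

```python
"""Small-gain test of Theorem 4.2 / Remark 4.3 on constructed gains (added example)."""


def solve_linear(a, b, tol=1e-12):
    """Solve a x = b by Gaussian elimination with partial pivoting.

    Returns None when the matrix is numerically singular."""
    n = len(a)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        if abs(m[piv][col]) < tol:
            return None
        m[col], m[piv] = m[piv], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for c in range(col, n + 1):
                m[r][c] -= f * m[col][c]
    x = [0.0] * n
    for i in range(n - 1, -1, -1):
        s = m[i][n] - sum(m[i][j] * x[j] for j in range(i + 1, n))
        x[i] = s / m[i][i]
    return x


def small_gain_weights(lam, delta):
    """Return mu > 0 with mu^T(-Lambda + Delta) < 0, or None if none exists.

    lam[i] is lambda_i from (4.4a); delta[i][j] is delta_ij from (4.4b)-(4.4c),
    with delta[i][i] ignored. Solving (Lambda - Delta)^T mu = 1 gives
    mu^T(-Lambda + Delta) = -1^T; a solution with a non-positive entry, or a
    singular system, means that no admissible mu exists."""
    n = len(lam)
    if any(l <= 0 for l in lam):
        raise ValueError("lambda_i must be positive")
    if any(delta[i][j] < 0 for i in range(n) for j in range(n) if i != j):
        raise ValueError("delta_ij must be non-negative")
    a = [[lam[i] if i == j else -delta[i][j] for i in range(n)] for j in range(n)]
    mu = solve_linear(a, [1.0] * n)
    if mu is None or any(m <= 0 for m in mu):
        return None
    return mu


def certifies(lam, delta, mu):
    """Check (4.5) directly: mu > 0 and every entry of mu^T(-Lambda+Delta) < 0."""
    n = len(lam)
    if any(m <= 0 for m in mu):
        return False
    for j in range(n):
        col = -lam[j] * mu[j] + sum(mu[i] * delta[i][j] for i in range(n) if i != j)
        if col >= 0:
            return False
    return True


def spectral_radius(lam, delta, iters=2000):
    """Spectral radius of Lambda^{-1} Delta via power iteration on I + Lambda^{-1} Delta.

    Adding the identity shifts every eigenvalue by one and removes periodicity,
    so the iteration converges to 1 + rho for a non-negative matrix."""
    n = len(lam)
    b = [[1.0 if i == j else delta[i][j] / lam[i] for j in range(n)] for i in range(n)]
    v = [1.0] * n
    growth = 1.0
    for _ in range(iters):
        w = [sum(b[i][j] * v[j] for j in range(n)) for i in range(n)]
        growth = max(w)
        v = [x / growth for x in w]
    return growth - 1.0


# Constructed gains for N = 4 subsystems; delta_ij = 0 encodes h_ji = 0 as in (4.4b).
LAM = [1.0, 0.8, 1.2, 1.0]
DELTA = [
    [0.0, 0.3, 0.0, 0.2],
    [0.2, 0.0, 0.3, 0.0],
    [0.0, 0.4, 0.0, 0.3],
    [0.3, 0.0, 0.2, 0.0],
]

if __name__ == "__main__":
    mu = small_gain_weights(LAM, DELTA)
    print("spectral radius:", round(spectral_radius(LAM, DELTA), 6))
    print("mu:", None if mu is None else [round(m, 6) for m in mu])
    print("certified:", mu is not None and certifies(LAM, DELTA, mu))
```

When `small_gain_weights` returns a vector, that vector is the $\mu$ used to form $V=\sum_i\mu_iV_i$ in Theorem 4.2; a `None` result means the subsystem gains have to be reduced before the composition applies.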


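Remark 4.4. If the functions $\rho_{i\mathrm{int}}$, $i\in[1;N]$, satisfy the triangle inequality, $\rho_{i\mathrm{int}}(a+b)\le\rho_{i\mathrm{int}}(a)+\rho_{i\mathrm{int}}(b)$
for all non-negative values of $a$ and $b$, then the condition (4.4c) reduces to

$$h_{ji}\not\equiv 0\implies\rho_{i\mathrm{int}}\left((N-1)^{\max\{\frac{k}{2},1\}-1}\alpha_j^{-1}(s)\right)\le\delta_{ij}\gamma_j(s). \tag{4.9}$$

Figure 3 illustrates schematically the result of Theorem 4.2.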


5. Jump Linear Stochastic Systems 


In this section, we focus on a specific class of stochastic hybrid systems, namely, jump linear stochastic systems
(JLSS) [JP09] and quadratic SSF-M$_2$ functions $V$. In the first part, we assume that we are given an abstraction
$\hat\Sigma$ and provide conditions under which $V$ is an SSF-M$_2$ function. In the second part we show how to construct
the abstraction $\hat\Sigma$ together with the SSF-M$_2$ function $V$.

A JLSS is defined as a stochastic hybrid system with the drift, diffusion, reset, and output functions given by

$$\begin{aligned} d\xi(t)&=(A\xi(t)+B\nu(t)+D\omega(t))\,dt+E\xi(t)\,dW_t+\sum_{i=1}^{\tilde q}R_i\xi(t)\,dP_t^i,\\ \zeta(t)&=C\xi(t), \end{aligned} \tag{5.1}$$

where

$$A\in\mathbb{R}^{n\times n},\ B\in\mathbb{R}^{n\times m},\ D\in\mathbb{R}^{n\times p},\ E\in\mathbb{R}^{n\times n},\ R_i\in\mathbb{R}^{n\times n},\ \forall i\in[1;\tilde q],\ C\in\mathbb{R}^{q\times n}.$$

The matrices $R_i$, $\forall i\in[1;\tilde q]$, parametrize the jump associated with event $i$. We use the tuple

$$\Sigma=(A,B,C,D,E,R),$$

where $R=\{R_1,\ldots,R_{\tilde q}\}$, to refer to a JLSS of the form (5.1). Note that in this section we consider JLSS
driven by a scalar Brownian motion for the sake of simple presentation, though the proposed results can be
readily generalized for the systems driven by multi-dimensional Brownian motions as well.


5.1. Quadratic SSF-M 2 functions. In this section, we assume that for some constant k G IR>o there exist 
a positive definite matrix M G and matrix K G R"^^" such that the matrix inequalities 

C'^C ^ M, (5.2) 

lA + BK + J^AiB,] M + M lA + BK + J^A^Bij + ^-kM, (5.3) 


hold. 


Note that condition (5.3) is sufficient and necessary for the asymptotic stability of $\Sigma = (A, B, C, 0_{n\times p}, E, \mathsf{R})$ equipped with a linear feedback control law $u = Kx$ in the mean square sense (second moment)¹ as shown in the next lemma. Condition (5.2) is always satisfied for any positive definite matrix $M$ up to multiplication by some positive scalar which does not violate the satisfaction of (5.3).


Lemma 5.1. A JLSS $\Sigma = (A, B, C, 0_{n\times p}, E, \mathsf{R})$ equipped with a linear feedback control law $u = Kx$ is asymptotically stable in the mean square sense if and only if there exists a positive definite matrix $M \in \mathbb{R}^{n\times n}$ such that the matrix inequality (5.3) is satisfied for given feedback gain $K$ and some positive constant $\kappa$.


The proof of Lemma 5.1 is provided in the Appendix. 


The matrices K and M in (5.2) and (5.3) can be computed jointly using semidefinite programming as explained 
in the following lemma. 


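Lemma 5.2. Denoting $\bar K = KM^{-1}$ and $\bar M = M^{-1}$, matrix inequalities (5.2) and (5.3) are equivalent to the following linear matrix inequalities:

$$
\begin{bmatrix} \bar M & \bar M C^\top \\ C\bar M & I_q \end{bmatrix} \succeq 0, \tag{5.4}
$$

$$
\begin{bmatrix}
Q & \bar M E^\top & \lambda_1^{1/2}\bar M R_1^\top & \cdots & \lambda_{\tilde q}^{1/2}\bar M R_{\tilde q}^\top \\
E\bar M & \bar M & 0 & \cdots & 0 \\
\lambda_1^{1/2} R_1\bar M & 0 & \bar M & \cdots & 0 \\
\vdots & \vdots & \vdots & \ddots & \vdots \\
\lambda_{\tilde q}^{1/2} R_{\tilde q}\bar M & 0 & 0 & \cdots & \bar M
\end{bmatrix} \succeq 0, \tag{5.5}
$$

where $0$'s denote zero matrices of appropriate dimensions and

$$Q := -\kappa\bar M - \bar M\Big(A + \sum_{i=1}^{\tilde q}\lambda_i R_i\Big)^{\!\top} - \Big(A + \sum_{i=1}^{\tilde q}\lambda_i R_i\Big)\bar M - \bar K^\top B^\top - B\bar K.$$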


The proof is a simple consequence of using Schur complements [BV09] and is omitted here for the sake of brevity.


¹ A stochastic hybrid system $\Sigma$ is said to be asymptotically stable in the mean square sense if all $\mathcal{F}_0$-measurable initial states $a$ yield $\lim_{t\to\infty}\mathbb{E}[\|\xi(t)\|^2] = 0$.

Here, we consider a quadratic SSF-M$_2$ function of the following form

$$V(x,\hat x) = (x - P\hat x)^\top M (x - P\hat x), \tag{5.6}$$

where $P$ is a matrix of appropriate dimension. Assume that the equalities

$$
\begin{aligned}
AP &= P\hat A - BQ && \text{(5.7a)}\\
D &= P\hat D - BS && \text{(5.7b)}\\
CP &= \hat C && \text{(5.7c)}\\
EP &= P\hat E && \text{(5.7d)}\\
R_iP &= P\hat R_i, \quad \forall i \in [1;\tilde q], && \text{(5.7e)}
\end{aligned}
$$

hold for some matrices $Q$ and $S$ of appropriate dimensions. In the following theorem, we show that those conditions imply that (5.6) is an SSF-M$_2$ function from $\hat\Sigma$ to $\Sigma$.

Theorem 5.3. Consider two JLSS $\Sigma = (A, B, C, D, E, \mathsf{R})$ and $\hat\Sigma = (\hat A, \hat B, \hat C, \hat D, \hat E, \hat{\mathsf{R}})$ with $p = \hat p$ and $q = \hat q$. Suppose that there exist matrices $M$, $K$, $P$, $Q$, and $S$ satisfying (5.2), (5.3), and (5.7), for some constant $\kappa \in \mathbb{R}_{>0}$. Then, $V$ defined in (5.6) is an SSF-M$_2$ function from $\hat\Sigma$ to $\Sigma$.


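Proof. Note that $V$ is twice continuously differentiable. We show that for every $x \in \mathbb{R}^n$, $\hat x \in \mathbb{R}^{\hat n}$, $\hat u \in \mathbb{R}^{\hat m}$, $\hat w \in \mathbb{R}^{\hat p}$, there exists $u \in \mathbb{R}^m$ such that for all $w \in \mathbb{R}^p$, $V$ satisfies $\|Cx - \hat C\hat x\|^2 \le V(x,\hat x)$ and

$$
\begin{aligned}
\mathcal{L}V(x,\hat x) :={}& \partial_x V(x,\hat x)\,(Ax + Bu + Dw) + \partial_{\hat x} V(x,\hat x)\,(\hat A\hat x + \hat B\hat u + \hat D\hat w)\\
&+ \frac{1}{2}\begin{bmatrix} x^\top E^\top & \hat x^\top \hat E^\top \end{bmatrix}
\begin{bmatrix} \partial_{x,x}V & \partial_{x,\hat x}V \\ \partial_{\hat x,x}V & \partial_{\hat x,\hat x}V \end{bmatrix}
\begin{bmatrix} Ex \\ \hat E\hat x \end{bmatrix}
+ \sum_{i=1}^{\tilde q}\lambda_i\big(V(x + R_ix, \hat x + \hat R_i\hat x) - V(x,\hat x)\big)\\
\le{}& -(\kappa - \pi)V(x,\hat x) + \frac{2\|\sqrt{M}D\|^2}{\pi}\|w - \hat w\|^2 + \frac{2\|\sqrt{M}(B\tilde R - P\hat B)\|^2}{\pi}\|\hat u\|^2,
\end{aligned}
\tag{5.8}
$$

for any positive constant $\pi < \kappa$ and some matrix $\tilde R$ of appropriate dimension.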

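From (5.7c), we have $\|Cx - \hat C\hat x\|^2 = (x - P\hat x)^\top C^\top C (x - P\hat x)$ and using $M \succeq C^\top C$, it can be readily verified that $\|Cx - \hat C\hat x\|^2 \le V(x,\hat x)$ holds for all $x \in \mathbb{R}^n$, $\hat x \in \mathbb{R}^{\hat n}$. We proceed with showing the inequality in (5.8). Note that

$$
\begin{aligned}
&\partial_x V(x,\hat x) = 2(x - P\hat x)^\top M, \quad \partial_{\hat x} V(x,\hat x) = -2(x - P\hat x)^\top MP, \quad \partial_{x,x}V(x,\hat x) = 2M, \text{ and}\\
&\partial_{\hat x,\hat x}V(x,\hat x) = P^\top \partial_{x,x}V(x,\hat x)P, \quad \partial_{x,\hat x}V(x,\hat x) = \big(\partial_{\hat x,x}V(x,\hat x)\big)^\top = -\partial_{x,x}V(x,\hat x)P
\end{aligned}
$$

holds. Given any $x \in \mathbb{R}^n$, $\hat x \in \mathbb{R}^{\hat n}$, $\hat u \in \mathbb{R}^{\hat m}$, and $\hat w \in \mathbb{R}^{\hat p}$, we choose $u \in \mathbb{R}^m$ via the following linear interface function:

$$u = \nu_{\hat\nu}(x, \hat x, \hat u, \hat w) := K(x - P\hat x) + Q\hat x + \tilde R\hat u + S\hat w, \tag{5.9}$$

for some matrix $\tilde R$ of appropriate dimension.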

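By using the equations (5.7a) and (5.7b) and the definition of the interface function in (5.9), we simplify

$$Ax + B\nu_{\hat\nu}(x, \hat x, \hat u, \hat w) + Dw - P(\hat A\hat x + \hat B\hat u + \hat D\hat w)$$

to $(A + BK)(x - P\hat x) + D(w - \hat w) + (B\tilde R - P\hat B)\hat u$ and obtain the following expression for $\mathcal{L}V(x,\hat x)$:

$$
\begin{aligned}
\mathcal{L}V(x,\hat x) ={}& 2(x - P\hat x)^\top M\big[(A + BK)(x - P\hat x) + D(w - \hat w) + (B\tilde R - P\hat B)\hat u\big]\\
&+ \begin{bmatrix} x \\ \hat x \end{bmatrix}^{\!\top}
\begin{bmatrix} E^\top & 0 \\ 0 & \hat E^\top \end{bmatrix}
\begin{bmatrix} M & -MP \\ -P^\top M & P^\top MP \end{bmatrix}
\begin{bmatrix} E & 0 \\ 0 & \hat E \end{bmatrix}
\begin{bmatrix} x \\ \hat x \end{bmatrix}\\
&+ \sum_{i=1}^{\tilde q}\lambda_i
\begin{bmatrix} x \\ \hat x \end{bmatrix}^{\!\top}
\begin{bmatrix} M & -MP \\ -P^\top M & P^\top MP \end{bmatrix}
\begin{bmatrix} R_i & 0 \\ 0 & \hat R_i \end{bmatrix}
\begin{bmatrix} x \\ \hat x \end{bmatrix}\\
&+ \sum_{i=1}^{\tilde q}\lambda_i
\begin{bmatrix} x \\ \hat x \end{bmatrix}^{\!\top}
\begin{bmatrix} R_i^\top & 0 \\ 0 & \hat R_i^\top \end{bmatrix}
\begin{bmatrix} M & -MP \\ -P^\top M & P^\top MP \end{bmatrix}
\begin{bmatrix} x \\ \hat x \end{bmatrix}\\
&+ \sum_{i=1}^{\tilde q}\lambda_i
\begin{bmatrix} x \\ \hat x \end{bmatrix}^{\!\top}
\begin{bmatrix} R_i^\top & 0 \\ 0 & \hat R_i^\top \end{bmatrix}
\begin{bmatrix} M & -MP \\ -P^\top M & P^\top MP \end{bmatrix}
\begin{bmatrix} R_i & 0 \\ 0 & \hat R_i \end{bmatrix}
\begin{bmatrix} x \\ \hat x \end{bmatrix},
\end{aligned}
$$

where $0$'s denote zero matrices of appropriate dimensions. We use (5.7d) and (5.7e) to obtain the following expression for $\mathcal{L}V(x,\hat x)$:

$$
\begin{aligned}
\mathcal{L}V(x,\hat x) ={}& (x - P\hat x)^\top\Big[\Big(A + BK + \sum_{i=1}^{\tilde q}\lambda_iR_i\Big)^{\!\top} M + M\Big(A + BK + \sum_{i=1}^{\tilde q}\lambda_iR_i\Big)\\
&+ E^\top ME + \sum_{i=1}^{\tilde q}\lambda_iR_i^\top MR_i\Big](x - P\hat x) + 2(x - P\hat x)^\top M\big[D(w - \hat w) + (B\tilde R - P\hat B)\hat u\big].
\end{aligned}
$$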


Using Young's inequality [You12] as




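for any $a, b \ge 0$ and any $\varepsilon > 0$, and with the help of Cauchy-Schwarz inequality and (5.3) one gets the following upper bound for $\mathcal{L}V(x,\hat x)$:

$$\mathcal{L}V(x,\hat x) \le -\kappa V(x,\hat x) + \pi V(x,\hat x) + \frac{2\|\sqrt{M}D\|^2}{\pi}\|w - \hat w\|^2 + \frac{2\|\sqrt{M}(B\tilde R - P\hat B)\|^2}{\pi}\|\hat u\|^2,$$

for any positive constant $\pi < \kappa$.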


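Using this computed upper bound, we obtain (5.8) which completes the proof. Note that the $\mathcal{K}_\infty$ functions $\alpha$, $\eta$, $\rho_{\mathrm{ext}}$, and $\rho_{\mathrm{int}}$, in Definition 3.2 associated with the SSF-M$_2$ function in (5.6) are given by $\alpha(s) := s$, $\eta(s) := (\kappa - \pi)s$, $\rho_{\mathrm{ext}}(s) := \frac{2\|\sqrt{M}(B\tilde R - P\hat B)\|^2}{\pi}s$ and $\rho_{\mathrm{int}}(s) := \frac{2\|\sqrt{M}D\|^2}{\pi}s$, $\forall s \in \mathbb{R}_{\ge 0}$. □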

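Remark 5.4. Using the linear functions $\alpha$ and $\eta$, as computed in Theorem 5.3, the functions $\beta$, $\gamma_{\mathrm{ext}}$, and $\gamma_{\mathrm{int}}$, appearing in Theorem 3.5, are simplified as the following: $\beta(r,t) := r e^{-(\kappa - \pi)t}$, $\gamma_{\mathrm{ext}}(r) := \frac{1}{\kappa - \pi}\rho_{\mathrm{ext}}(r)$, and $\gamma_{\mathrm{int}}(r) := \frac{1}{\kappa - \pi}\rho_{\mathrm{int}}(r)$ for any $r, t \in \mathbb{R}_{\ge 0}$.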


Remark 5.5. Note that Theorem 5.3 does not impose any condition on matrix $\tilde R$. Similar to the results in [GP09, Proposition 1] for the deterministic case, we propose a choice of $\tilde R$ which minimizes function $\rho_{\mathrm{ext}}$ for $V$. The choice of $\tilde R$ minimizing $\rho_{\mathrm{ext}}$ is given by

$$\tilde R = (B^\top MB)^{-1}B^\top MP\hat B. \tag{5.10}$$

Remark 5.6. Consider $\Sigma_i = (A_i, B_i, C_i, D_i, E_i, \mathsf{R}_i)$ and its abstraction $\hat\Sigma_i = (\hat A_i, \hat B_i, \hat C_i, \hat D_i, \hat E_i, \hat{\mathsf{R}}_i)$. Assume $D_i = [d_1 \cdots d_p]$ and $\hat D_i = [\hat d_1 \cdots \hat d_p]$. Using equation (5.7b), one can readily conclude that if $d_j \in \operatorname{im} B_i$ for some $j \in [1;p]$, then the corresponding $\hat d_j$ can be chosen as $\hat d_j = 0_{\hat n}$. This choice for columns of $\hat D$ makes the interconnection topology of abstract subsystems potentially simpler and, hence, their analysis easier. We refer the interested readers to Section 6 for an example of such choice for $\hat D$.


As of now, we derived various conditions on the original system $\Sigma$, the abstraction $\hat\Sigma$, and the matrices appearing in (5.6) and (5.9), to ensure that (5.6) is an SSF-M$_2$ function from $\hat\Sigma$ to $\Sigma$ with the corresponding interface function in (5.9) lifting any control policy designed for $\hat\Sigma$ to the one for $\Sigma$. However, those conditions do not impose any requirements on the abstract external input matrix $\hat B$. As an example, one can choose $\hat B = I_{\hat n}$ which makes the abstract system $\hat\Sigma$ fully actuated and, hence, the synthesis problem over $\hat\Sigma$ much easier. Similar to [GP09, Subsection 4.1] in the context of deterministic control systems, one can also choose an external input matrix $\hat B$ which preserves all the behaviors of the original JLSS $\Sigma$ on the abstraction $\hat\Sigma$: for every trajectory $(\xi, \zeta, \nu, \omega)$ of $\Sigma$ there exists a trajectory $(\hat\xi, \hat\zeta, \hat\nu, \omega)$ of $\hat\Sigma$ such that $\hat\zeta = \zeta$ $\mathbb{P}$-a.s.


Note that using the following choice of external input matrix $\hat B$, the results in [RZ15] for the linear deterministic control system are fully recovered by the corresponding ones here provided that the JLSS is not affected by any noise, implying that $E$, $\hat E$, $R_i$, and $\hat R_i$, $\forall i \in [1;\tilde q]$, are identically zero.

Theorem 5.7. Consider two JLSS $\Sigma = (A, B, C, D, E, \mathsf{R})$ and $\hat\Sigma = (\hat A, \hat B, \hat C, \hat D, \hat E, \hat{\mathsf{R}})$ with $p = \hat p$ and $q = \hat q$. Suppose that there exist matrices $P$, $Q$, and $S$ satisfying (5.7) and that the abstract external input matrix $\hat B$ is given by

$$\hat B = [\tilde PB \;\; \tilde PAG], \tag{5.11}$$

where $\tilde P$ and $G$ are assumed to satisfy

$$
\begin{aligned}
C &= \hat C\tilde P && \text{(5.12a)}\\
I_n &= P\tilde P + GF && \text{(5.12b)}\\
I_{\hat n} &= \tilde PP && \text{(5.12c)}\\
0_{\hat n\times n} &= \tilde PEGF && \text{(5.12d)}\\
0_{\hat n\times n} &= \tilde PR_iGF, \quad \forall i \in [1;\tilde q], && \text{(5.12e)}
\end{aligned}
$$

for some matrix $F$. Then, for every trajectory of $\Sigma$ there exists a trajectory of $\hat\Sigma$ so that $\zeta = \hat\zeta$ holds $\mathbb{P}$-a.s.


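Proof. Let $(\xi, \zeta, \nu, \omega)$ be a trajectory of $\Sigma$. We are going to show that $(\hat\xi, \hat\zeta, \hat\nu, \omega)$ with

$\hat\zeta = \zeta$, $\hat\xi = \tilde P\xi$ and $\hat\nu =$

$\mathbb{P}$-a.s. is a trajectory of $\hat\Sigma$. We use (5.7d), (5.7e), (5.12b), (5.12c), (5.12d), and (5.12e) and derive

$$
\begin{aligned}
\mathrm{d}\tilde P\xi &= (\tilde PA\xi + \tilde PB\nu + \tilde PD\omega)\,\mathrm{d}t + \tilde PE\xi\,\mathrm{d}W_t + \sum_{i=1}^{\tilde q}\tilde PR_i\xi\,\mathrm{d}P_t^i\\
&= \big(\tilde PAP\tilde P\xi + \tilde PA(I_n - P\tilde P)\xi + \tilde PB\nu + \tilde PD\omega\big)\,\mathrm{d}t + \tilde PE(P\tilde P + GF)\xi\,\mathrm{d}W_t + \sum_{i=1}^{\tilde q}\tilde PR_i(P\tilde P + GF)\xi\,\mathrm{d}P_t^i\\
&= (\tilde PAP\tilde P\xi + \tilde PAGF\xi + \tilde PB\nu + \tilde PD\omega)\,\mathrm{d}t + \tilde PEP\tilde P\xi\,\mathrm{d}W_t + \sum_{i=1}^{\tilde q}\tilde PR_iP\tilde P\xi\,\mathrm{d}P_t^i\\
&= (\tilde PAP\tilde P\xi + \tilde PAGF\xi + \tilde PB\nu + \tilde PD\omega)\,\mathrm{d}t + \hat E\tilde P\xi\,\mathrm{d}W_t + \sum_{i=1}^{\tilde q}\hat R_i\tilde P\xi\,\mathrm{d}P_t^i.
\end{aligned}
$$

Now we use the equations (5.7a) and (5.7b) and the definition of $\hat B$ and $\hat\nu$ to derive

$$
\begin{aligned}
\mathrm{d}\tilde P\xi &= \big(\tilde P(P\hat A - BQ)\tilde P\xi + \tilde PAGF\xi + \tilde PB\nu + \tilde P(P\hat D - BS)\omega\big)\,\mathrm{d}t + \hat E\tilde P\xi\,\mathrm{d}W_t + \sum_{i=1}^{\tilde q}\hat R_i\tilde P\xi\,\mathrm{d}P_t^i\\
&= \big(\hat A\tilde P\xi + [\tilde PB \;\; \tilde PAG]\hat\nu + \hat D\omega\big)\,\mathrm{d}t + \hat E\tilde P\xi\,\mathrm{d}W_t + \sum_{i=1}^{\tilde q}\hat R_i\tilde P\xi\,\mathrm{d}P_t^i\\
&= (\hat A\tilde P\xi + \hat B\hat\nu + \hat D\omega)\,\mathrm{d}t + \hat E\tilde P\xi\,\mathrm{d}W_t + \sum_{i=1}^{\tilde q}\hat R_i\tilde P\xi\,\mathrm{d}P_t^i,
\end{aligned}
$$

showing that $(\tilde P\xi, \zeta, \hat\nu, \omega)$ is a trajectory of $\hat\Sigma$. From $C = \hat C\tilde P$ in (5.12a), it follows that $\hat\zeta = \zeta$ $\mathbb{P}$-a.s. which concludes the proof. □

5.2. Construction of abstractions. In this subsection, we provide constructive methods to compute the abstraction $\hat\Sigma$ along with the various matrices involved in the definition of the stochastic simulation function and its corresponding interface function.

First, let us recall Lemma 2 in [GP09], showing that there exist matrices $\hat A$ and $Q$ satisfying (5.7a) if and only if columns of $P$ span an $(A, B)$-controlled invariant subspace, see e.g. [BM92, Definition 4.1.1].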


Lemma 5.8. Consider matrices $A$, $B$, and $P$. There exist matrices $\hat A$ and $Q$ satisfying (5.7a) if and only if

$$\operatorname{im} AP \subseteq \operatorname{im} P + \operatorname{im} B. \tag{5.13}$$

Given that $P$ satisfies (5.13), it is straightforward to compute $\hat A$ and $Q$ such that (5.7a) holds, by solving $n$ linear equations.


Similar to Lemma 5.8, we give necessary and sufficient conditions for the existence of matrices $\hat D$ and $S$ appearing in condition (5.7b).

Lemma 5.9. Given $P$ and $B$, there exist matrices $\hat D$ and $S$ satisfying (5.7b) if and only if

$$\operatorname{im} D \subseteq \operatorname{im} P + \operatorname{im} B. \tag{5.14}$$

The proof of Lemma 5.9 is provided in the Appendix.


Now we provide necessary and sufficient conditions for the existence of matrices $\hat E$ and $\hat R_i$, $\forall i \in [1;\tilde q]$, appearing in conditions (5.7d) and (5.7e).

Lemma 5.10. Given $P$ and $E$, there exists a matrix $\hat E$ satisfying (5.7d) if and only if

$$\operatorname{im} EP \subseteq \operatorname{im} P. \tag{5.15}$$


The proof is recovered from the one of Lemma 5.8 by substituting $A$, $\hat A$, and $B$ with $E$, $\hat E$, and $0_{n\times m}$, respectively.

Lemma 5.11. Given $P$ and $R_i$, $\forall i \in [1;\tilde q]$, there exist matrices $\hat R_i$, $\forall i \in [1;\tilde q]$, satisfying (5.7e) if and only if


(5.16) 


for any $i \in [1;\tilde q]$.

The proof is recovered from the one of Lemma 5.8 by substituting $A$, $\hat A$, and $B$ with $R_i$, $\hat R_i$, $\forall i \in [1;\tilde q]$, and $0_{n\times m}$, respectively.


Lemmas 5.8, 5.9, 5.10, and 5.11 provide necessary and sufficient conditions on $P$ which lead to the construction of matrices $\hat A$, $\hat D$, $\hat E$, and $\hat R_i$, $\forall i \in [1;\tilde q]$, together with the matrices $Q$, $S$ appearing in the definition of the interface function in (5.9). The output matrix $\hat C$ simply follows by $\hat C = CP$. As we already discussed, the abstract external input matrix $\hat B$ can be chosen arbitrarily. For example one can choose $\hat B = I_{\hat n}$ making the abstract system $\hat\Sigma$ fully actuated and, hence, the synthesis problem over it much simpler. One can also choose $\hat B$ as in (5.11) guaranteeing preservation of all behaviors of $\Sigma$ on $\hat\Sigma$ under extra conditions in (5.12). Lemma 3 in [GP09], as recalled next, provides necessary and sufficient conditions on $P$ and $C$ for the existence of $\tilde P$, $G$, and $F$ satisfying (5.12a), (5.12b), and (5.12c).


Lemma 5.12. Consider matrices $C$ and $P$ with $P$ being injective and let $\hat C = CP$. There exists matrix $\tilde P$ satisfying (5.12a), (5.12b), and (5.12c), for some matrices $G$ and $F$ of appropriate dimensions, if and only if

$$\operatorname{im} P + \ker C = \mathbb{R}^n. \tag{5.17}$$

Figure 4. The interconnected system $\Sigma = \mathcal{I}(\Sigma_1, \Sigma_2, \Sigma_3, \Sigma_4)$.


The conditions (5.13)-(5.16) (resp. (5.13)-(5.17)) complete the characterization of matrix $P$, together with the system matrices $\{A, B, C, D\}$ leading to the abstract matrices $\{\hat A, \hat B, \hat C, \hat D\}$, where $\hat B$ can be chosen arbitrarily (resp. $\hat B$ is computed as in (5.11) for the sake of preservation of all behaviors of $\Sigma$ on $\hat\Sigma$ as long as conditions (5.12d) and (5.12e) are also satisfied). Note that there always exists an injective matrix $P \in \mathbb{R}^{n\times\hat n}$ that satisfies the conditions (5.13)-(5.17). In the worst-case scenario, we can pick the identity matrix with $\hat n = n$. Of course, we would like to have the abstraction $\hat\Sigma$ as simple as possible and, therefore, we should aim at a $P$ with $\hat n$ as small as possible.

We summarize the construction of the abstraction $\hat\Sigma$ in Table 1.


1. Compute matrices $M$ and $K$ satisfying (5.2) and (5.3);

2. Pick an injective $P$ satisfying (5.13)-(5.16) (resp. (5.13)-(5.17) only if the computed matrices $\tilde P$, $G$, and $F$ satisfy (5.12d) and (5.12e));

3. Compute $\hat A$ and $Q$ from (5.7a);

4. Compute $\hat D$ and $S$ from (5.7b);

5. Compute $\hat C = CP$;

6. Choose $\hat B$ arbitrarily (resp. $\hat B = [\tilde PB \;\; \tilde PAG]$);

7. Compute $\tilde R$, appearing in (5.9), from (5.10);

8. Compute $\hat E$ from (5.7d) (resp. $\hat E = \tilde PEP$);

9. For any $i \in [1;\tilde q]$, compute $\hat R_i$ from (5.7e) (resp. $\hat R_i = \tilde PR_iP$).

Table 1. Construction of an abstract JLSS $\hat\Sigma$ for a given JLSS $\Sigma$.
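Once an injective P is fixed, steps 3-5, 8 and 9 of Table 1 reduce to solving linear equations whose solvability is exactly the image inclusions (5.13)-(5.16). The following Python example is added here for illustration and is not part of the original paper; the function names and the sample matrices (a double integrator with P = [1 -1]ᵀ) are assumptions constructed for this example and are not the subsystem matrices of Section 6.

```python
from fractions import Fraction


def mat(rows):
    """Exact rational matrix; decimal entries are given as strings ("0.4")."""
    return [[Fraction(v) for v in row] for row in rows]


def matmul(X, Y):
    return [[sum(a * b for a, b in zip(row, col)) for col in zip(*Y)] for row in X]


def solve(L, Y):
    """One exact solution X of L X = Y (free variables set to 0).

    Returns None when a column of Y lies outside im L, i.e. when the
    corresponding image inclusion among (5.13)-(5.16) is violated.
    """
    rows, cols = len(L), len(L[0])
    aug = [list(l) + list(y) for l, y in zip(L, Y)]
    pivots, r = [], 0
    for c in range(cols):                      # Gauss-Jordan elimination
        p = next((i for i in range(r, rows) if aug[i][c] != 0), None)
        if p is None:
            continue
        aug[r], aug[p] = aug[p], aug[r]
        piv = aug[r][c]
        aug[r] = [v / piv for v in aug[r]]
        for i in range(rows):
            if i != r and aug[i][c] != 0:
                f = aug[i][c]
                aug[i] = [a - f * b for a, b in zip(aug[i], aug[r])]
        pivots.append(c)
        r += 1
        if r == rows:
            break
    # Rows below the rank have a zero left part; a nonzero right part
    # means the system is inconsistent.
    if any(v != 0 for row in aug[r:] for v in row[cols:]):
        return None
    X = [[Fraction(0)] * len(Y[0]) for _ in range(cols)]
    for i, c in enumerate(pivots):
        X[c] = aug[i][cols:]
    return X


def abstract_jlss(A, B, C, D, E, Rs, P):
    """Steps 3-5, 8 and 9 of Table 1 for a given P (hypothetical helper)."""
    n_hat = len(P[0])
    PB = [p + b for p, b in zip(P, B)]         # block matrix [P  B]

    def lift(L, Y, cond):
        X = solve(L, Y)
        if X is None:
            raise ValueError("image inclusion " + cond + " is violated")
        return X

    def split(X):                              # X stacks the hatted block over -Q (or -S)
        return X[:n_hat], [[-v for v in row] for row in X[n_hat:]]

    A_hat, Q = split(lift(PB, matmul(A, P), "(5.13)"))   # AP = P A_hat - B Q
    D_hat, S = split(lift(PB, D, "(5.14)"))              # D  = P D_hat - B S
    E_hat = lift(P, matmul(E, P), "(5.15)")              # EP = P E_hat
    R_hats = [lift(P, matmul(R, P), "(5.16)") for R in Rs]
    C_hat = matmul(C, P)                                 # step 5
    return {"A_hat": A_hat, "Q": Q, "D_hat": D_hat, "S": S,
            "C_hat": C_hat, "E_hat": E_hat, "R_hats": R_hats}


def sample():
    """Constructed sample JLSS (not taken from the paper)."""
    return {
        "A": mat([[0, 1], [0, 0]]),
        "B": mat([[0], [1]]),
        "C": mat([[1, 0]]),
        "D": mat([[0], ["0.5"]]),              # d = 1/2, D lies in im B
        "E": mat([["0.4", 0], [0, "0.4"]]),
        "Rs": [mat([["0.1", 0], [0, "0.1"]])],
        "P": mat([[1], [-1]]),
    }


if __name__ == "__main__":
    for name, value in abstract_jlss(**sample()).items():
        print(name, value)
```

Because Gaussian elimination prefers the columns of P over those of B only when needed, a column of D that lies in im B is assigned a zero column in the abstract internal input matrix, which is the choice discussed in Remark 5.6.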


6. An Example 


Let us demonstrate the effectiveness of the proposed results by synthesizing a controller for an interconnected system consisting of four JLSS $\Sigma = \mathcal{I}(\Sigma_1, \Sigma_2, \Sigma_3, \Sigma_4)$. The interconnection scheme of $\Sigma$ is illustrated in Figure 4. The system has two outputs and we synthesize a controller to enforce them to stay approximately (in the 2nd moment metric) within the safety constraint

$$S = [0\ 5] \times [0\ 5].$$

We refer the interested readers to the explanation provided before [ZMM+14, Remark 5.5] or to [ZTA14, Subsection 5.1] concerning the interpretation of the satisfaction of a safety constraint in the moment over the concrete stochastic systems.


In designing a controller for $\Sigma$ we proceed as follows. In the first step, we compute abstractions $\hat\Sigma_i$ of the individual subsystems to obtain an abstraction $\hat\Sigma = \mathcal{I}(\hat\Sigma_1, \hat\Sigma_2, \hat\Sigma_3, \hat\Sigma_4)$ of the interconnected system $\Sigma$. The interconnection scheme changes for $\hat\Sigma$ (see Remark 5.6) and the abstract system is given by two identical independent interconnected systems $\hat\Sigma_{14} = \mathcal{I}(\hat\Sigma_1, \hat\Sigma_4)$ and $\hat\Sigma_{23} = \mathcal{I}(\hat\Sigma_2, \hat\Sigma_3)$. The abstract system $\hat\Sigma$ is illustrated in Figure 5. In the second step, we determinize the stochastic systems $\hat\Sigma_{14}$ and $\hat\Sigma_{23}$ by neglecting the diffusion and reset terms. We obtain two identical deterministic control systems $\tilde\Sigma_{14}$ and $\tilde\Sigma_{23}$. We show that $\tilde\Sigma_i$ is an abstraction of $\hat\Sigma_i$, $i \in \{14, 23\}$ by computing an SSF-M$_2$ function from $\tilde\Sigma_i$ to $\hat\Sigma_i$. In the third step, we fix a sampling time $\tau > 0$ and use the MATLAB Toolbox MPT [HKJM13] to synthesize a safety controller that enforces the safety constraints on $\tilde\Sigma = \mathcal{I}(\tilde\Sigma_{14}, \tilde\Sigma_{23})$ at all sampling times $k\tau$, $k \in \mathbb{N}$. In the final step, we refine the computed controller for $\tilde\Sigma$ to a controller for $\Sigma$. We use Theorem 3.5 to establish a bound on the distance in the 2nd moment metric between the output trajectories of $\Sigma$ and the safe set $S$.

Figure 5. The abstract interconnected system $\hat\Sigma = \mathcal{I}(\hat\Sigma_1, \hat\Sigma_2, \hat\Sigma_3, \hat\Sigma_4)$.

6.1. The interconnected system. Let us consider the system illustrated in Figure 4. The subsystems $\Sigma_1$ and $\Sigma_2$ are double integrators and $\Sigma_3$ and $\Sigma_4$ are autonomous triple integrators. All systems are affected by a scalar Brownian motion and a Poisson process. For $j \in \{1, 2\}$ the system matrices are given by


— 


Bo = 


= 


= 0.4/2, 


Rj — 0 . 1 / 2 , 


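and for $i \in \{3, 4\}$ by

$$
A_i = \begin{bmatrix} 0 & 1 & 0 \\ 0 & 0 & 1 \\ -24 & -26 & -9 \end{bmatrix}, \quad B_i = 0, \quad C_i^\top = \begin{bmatrix} 1 \\ 0 \\ 0 \end{bmatrix}, \quad E_i = 0.4 I_3, \quad R_i = 0.1 I_3.
$$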


The rate of the Poisson process $P_t$ is $\lambda = 4.2$. The output of $\Sigma_1$ (resp. $\Sigma_2$) is connected to the internal input of $\Sigma_4$ (resp. $\Sigma_3$) and the output of $\Sigma_3$ (resp. $\Sigma_4$) connects to the internal input of $\Sigma_1$ (resp. $\Sigma_2$). The output functions $h_{ij}(x_i) = C_{ij}x_i$ are determined by $C_{ii} = C_{i(i-2)} = [1\ 0\ 0]$ for $i \in \{3, 4\}$, $C_{23} = C_{14} = [1\ 0]$ and $h_{ij} \equiv 0$ for the remaining $i, j \in [1;4]$. Correspondingly, the internal input matrices are given by


d^O, jG{l, 2 }. 



■ 0 ■ 



£>41 = D 32 = 

-d 

> A ( 1 + 2 ) - 

0 

d 


5d 




Subsequently, we use $C_1 = C_{14}$, $C_2 = C_{23}$, $C_i = C_{ii}$, $i \in \{3, 4\}$, $D_1 = D_{13}$, $D_2 = D_{24}$, $D_3 = D_{32}$, $D_4 = D_{41}$, and denote the JLSS by $\Sigma_i = (A_i, B_i, C_i, D_i, E_i, R_i)$.


6.2. The abstract subsystems. In order to construct an abstraction for $\mathcal{I}(\Sigma_1, \Sigma_2, \Sigma_3, \Sigma_4)$ we construct an abstraction $\hat\Sigma_i$ of each individual subsystem $\Sigma_i$, $i \in \{1, 2, 3, 4\}$. We begin with $i \in \{1, 2\}$ and follow the steps outlined in Table 1. First, we fix $\kappa = 3$ and solve an appropriate LMI (see Lemma 5.2) to determine the matrices $M_i$ and $K_i$ so that (5.2) and (5.3) hold. We obtain

$$
M_i = \begin{bmatrix} 1.68 & 0.4 \\ 0.4 & 0.23 \end{bmatrix}, \quad K_i^\top = \begin{bmatrix} -9 \\ -4 \end{bmatrix}.
$$

We continue with step 2. and determine

$$P_i = [1\ \ {-2}]^\top$$

so that (5.13)-(5.17) hold. The matrices $\tilde P_i$, $F_i$, and $G_i$ such that (5.12b)-(5.12e) hold, follow by $\tilde P_i = [1\ 0]$, $G_i^\top = [0\ 2]$, and $F_i = [1\ 0]$. We continue with steps 3.-8. and get the scalar abstract JLSS subsystems $\hat\Sigma_i$, $i \in \{1, 2\}$ with

$$\hat A_i = -2, \quad \hat B_i = 1, \quad \hat D_i = 0, \quad \hat C_i = 1, \quad \hat E_i = 0.4, \quad \hat R_i = 0.1.$$

Simultaneously, we compute $Q_i = 2$ and $S_i = -d$. As already discussed in Remark 5.6, $D_i \in \operatorname{im} B_i$ and we can choose $\hat D_i = 0$. It follows that the subsystems $\hat\Sigma_i$, $i \in \{1, 2\}$, are not affected by internal inputs, which implies that the interconnection between $\hat\Sigma_3$ (resp. $\hat\Sigma_4$) and $\hat\Sigma_1$ (resp. $\hat\Sigma_2$) is absent on the abstract interconnected system $\hat\Sigma$; compare also Figure 4 and Figure 5.

We continue with the construction of $\hat\Sigma_i$ for $i \in \{3, 4\}$. We repeat the procedure and obtain

$$
M_i = \begin{bmatrix} 6.924 & 3.871 & 0.468 \\ 3.871 & 2.534 & 0.315 \\ 0.468 & 0.315 & 0.054 \end{bmatrix}, \quad K_i = 0.
$$


In step 2., we compute 


= 


1 -2 
1 -3 


so that (5.13)-(5.17) hold. The equations (5.12bl-(5.12e) are satisfied by 


p. — 1 
— 6 


0 -9 -3 
0 4 2 


Gf = [1 0 0 ], and Fi = | [6 5 l]. We follow steps 3.-8. and get the 2D abstract JLSS subsystems Ei, 

i G {3,4}, where 


A = Q _3 ,5, = , A = d ; , A = [1 1] , 

with the diffusion and reset terms again given by $\hat E_i = 0.4 I_2$ and $\hat R_i = 0.1 I_2$. Moreover, $Q_i = 0$ and $S_i = 0$.


For all $i \in \{1, 2, 3, 4\}$, equations (5.2), (5.3), and (5.7) hold. Hence, Theorem 5.3 applies and we see that $V_i(x_i, \hat x_i) = (x_i - P_i\hat x_i)^\top M_i(x_i - P_i\hat x_i)$ is an SSF-M$_2$ function from $\hat\Sigma_i$ to $\Sigma_i$ for all $i \in [1;4]$. Moreover, (5.12) holds and Theorem 5.7 implies that all the behaviors of $\Sigma_i$ are preserved on $\hat\Sigma_i$. Following the proof of Theorem 5.3 we see that the interface function for $i \in \{1, 2\}$ follows by (5.9) as

$$\nu_{\hat\nu i}(x_i, \hat x_i, \hat u_i, \hat w_i) = K_i(x_i - P_i\hat x_i) - 2\hat x_i - 2.5\hat u_i - d\hat w_i, \tag{6.1}$$

and $\nu_{\hat\nu i} \equiv 0$ for $i \in \{3, 4\}$. Here we used (5.10) to compute $\tilde R_i = -2.5$ for $i \in \{1, 2\}$. Although the internal


input matrices for Ei and S 2 are zero, the internal inputs wi = and W 2 = iji still appear in the interface 


function. As provided in the proof of Theorem 5.3 and by fixing tt = 1, the /Coo functions for i G {1,2} and 
j G {3,4} are given by 

Pzext('5) — 0.16s, Piint(^) — 1.3d S, 

Ppxt)'^) 150s, 7.9d s, 

for any s € M>o- 


6.3. The interconnected abstraction. We now proceed with Theorem 4.2 to construct a stochastic simulation function from $\hat\Sigma$ to $\Sigma$. We start by checking the Assumption. Note that $\rho_{i\mathrm{int}}$ satisfies the triangle inequality and we use Remark 4.4 to see that Assumption holds for $\gamma_i(s) = s$, $\lambda_i = 2$, and $\delta_{ij}$ are given by
0 0 1.3 0 


A = d^ 


0 

0 

7.9 


0 

7.9 

0 


1.3 

0 

0 


Additionally, we require the existence of a vector p G E>o satisfying ( |4.5[ ) , which is the case if and only if the 
spectral radius of A is strictly less than one, i.e., l/2\/l.3 x 7.9d^ < 1, which holds for example for d = 1/2. 
One can choose the vector /r as /r = [2 2 1 1] and, hence, it follows that 

$$V(x, \hat x) = \sum_{i=1}^{2} 2V_i(x_i, \hat x_i) + \sum_{i=3}^{4} V_i(x_i, \hat x_i),$$



is an SSF-M$_2$ from $\mathcal{I}(\hat\Sigma_1, \hat\Sigma_2, \hat\Sigma_3, \hat\Sigma_4)$ to $\mathcal{I}(\Sigma_1, \Sigma_2, \Sigma_3, \Sigma_4)$ where the interface function follows from (6.1). Following the proof of Theorem 4.2 we see that $V$ satisfies (3.2) with $\alpha(s) = s$ and (3.3) with $\eta(s) = 1.35s$, $\rho_{\mathrm{ext}}(s) = 150s$, and $\rho_{\mathrm{int}} \equiv 0$. Here, we computed $\eta$ and $\rho_{\mathrm{ext}}$ according to (4.8a) and (4.8b). Subsequently, we design a controller for $\Sigma$ via the abstraction $\hat\Sigma$. We restrict external inputs for $\hat\Sigma_3$ and $\hat\Sigma_4$ to zero, so that we can set $\rho_{j\mathrm{ext}} \equiv 0$, $j \in \{3, 4\}$. As a result $\rho_{\mathrm{ext}}$ reduces to $\rho_{\mathrm{ext}}(s) = 0.16s$, $\forall s \in \mathbb{R}_{\ge 0}$, and we use Theorem 3.5 in combination with Remark 5.4 to derive the inequality




-1.35t 


E[y(a,a)] + 0.12E[||z> 


IL] 


( 6 . 2 ) 


6.4. The deterministic system and the controller. The synthesis of the safety controller is based on a deterministic system $\tilde\Sigma$ which results from $\hat\Sigma$ by omitting the diffusion and reset terms. In particular, we determinize the identical systems $\hat\Sigma_{14} = \mathcal{I}(\hat\Sigma_1, \hat\Sigma_4)$ and $\hat\Sigma_{23} = \mathcal{I}(\hat\Sigma_2, \hat\Sigma_3)$ and obtain for $i \in \{14, 23\}$ the systems


S, 


r. 

1 

to 

0 

1 


o' 

1 m = 

0 -3 d 

!*(/) + 

0 

1 

0 0-2 


1 

Ig(/) = [i 1 o]f,(i). 




i'i(i), 


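We compute an SSF-M$_2$ function $V(\tilde x, \hat x) = [\tilde x; \hat x]^\top M[\tilde x; \hat x]$ from $\tilde\Sigma = \mathcal{I}(\tilde\Sigma_{14}, \tilde\Sigma_{23})$ to $\hat\Sigma$, by solving an appropriate LMI. The matrix $M$ results in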

0 


M = 


mi 

0 

T 

-m 2 

0 


mi 

0 


-m 2 

0 

m3 

0 


O' 

-m 2 

0 

m3_ 


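with

$$
m_1 = \begin{bmatrix} 1.1400 & 1.3072 & 0.0052 \\ 1.3072 & 1.6968 & 0.0228 \\ 0.0052 & 0.0228 & 0.0104 \end{bmatrix}, \quad
m_2 = \begin{bmatrix} 1.1437 & 1.3112 & 0.0060 \\ 1.3365 & 1.7181 & 0.0218 \\ 0.0089 & 0.0230 & 0.0085 \end{bmatrix}, \quad
m_3 = \begin{bmatrix} 1.1793 & 1.3649 & 0.0081 \\ 1.3649 & 1.7631 & 0.0224 \\ 0.0081 & 0.0224 & 0.0079 \end{bmatrix}.
$$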


The associated $\mathcal{K}_\infty$ functions for $V$ are given by $\alpha(r) = r$, $\eta(r) = 0.82r$, $\rho_{\mathrm{ext}}(r) = 0.32r$, and $\rho_{\mathrm{int}} \equiv 0$. Again we use Theorem 3.5 and Remark 5.4 to establish

(6.3) 


E[||Ca.(/) - Camn < e-‘'-«^*E[y(a, a)] + 0.4||z> 


Next we design a safety controller to restrict the output $y \in \mathbb{R}$ of $\tilde\Sigma_i$, $i \in \{14, 23\}$ to $[0\ 5]$. Additionally, to control the mismatch between the trajectories of $\tilde\Sigma$ and $\hat\Sigma$, we limit the inputs to $\tilde\nu \in [-1\ 1]^2$. We fix the sampling time to $\tau = 0.1$ secs and use the MATLAB Toolbox MPT [HKJM13] to compute a safety controller $K : \mathbb{R}^6 \to 2^{[-1\ 1]^2}$ which when applied in a sample-and-hold manner to $\tilde\Sigma$ enforces the constraints at the sampling instances $t = k\tau$, $k \in \mathbb{N}$. A part of the domain of the controller, which restricts the initial states of $\tilde\Sigma$, is illustrated in Figure 6. Note that $K$ is a set-valued map that provides, for each state $x$ in the domain of $K$, possibly a set of admissible inputs $K(x) \subseteq [-1\ 1]^2$.


6.5. Input trajectory generation and performance guarantees. We use the closed-loop system consisting of $\tilde\Sigma$ and $K$ to generate input trajectories for $\hat\Sigma$. Let $(\tilde\xi, \tilde\nu)$ be a trajectory of $\tilde\Sigma$ that satisfies $K$, i.e., $\tilde\nu$ is constant on the intervals $\tau[k, k+1[$, $k \in \mathbb{N}$, and satisfies $\tilde\nu(k\tau) \in K(\tilde\xi(k\tau))$ for all $k \in \mathbb{N}$. We use the interface (6.1) to compute the input trajectory $\nu$ for $\Sigma$. Using the bounds in (6.2) and (6.3), the overall estimate between output trajectories of $\Sigma$ and $\tilde\Sigma$ follows to

^ W - Ca.(/)f ]) ' < (E[||Ca.(/) - a.(/)f ]) 


< e 


-0.67t 


E[U (a, a)]' 


%(E[|iCa.(/)-Ca.(/)f])^ 

“■4“E[U(a,a)]5+||;;|U. 


(6.4)

Figure 6. Part of the domain of the safety controller. The left figure shows the projection on $x_1$ and $x_2$. The right figure shows the projection on $x_2$ and $x_3$.

We show some simulation results of the controlled system in Figure 7. The initial state of $\Sigma$ is fixed as $a = [1; -1; -5; 1; -1; -5; 1; -2; 1; -2]$. We determine the initial state for $\hat\Sigma$ as well as $\tilde\Sigma$ as the vector $\hat a \in \mathbb{R}^6$ lying in the domain of the controller and minimizing $V(a, \hat a)$ which is $\hat a = [1.44; -0.69; 1.44; -0.69; 1; 1]$. We randomly pick the input $\tilde\nu(k\tau)$ in $K(\tilde\xi(k\tau))$. In the top two plots of the figure, we see a realization of the observed process $\zeta_1$ (resp. $\zeta_2$) and $\hat\zeta_1$ (resp. $\hat\zeta_2$) of $\Sigma$ and $\hat\Sigma$, respectively. On the middle plot, we show the corresponding evolutions of the refined input signals $\nu_1$ and $\nu_2$ for $\Sigma$. On the 2nd plot from bottom, we show the square root of the average value (over 1000 experiments) of the squared distance in time of the output trajectory of $\Sigma$ to the one of $\hat\Sigma$, namely, $\|\zeta_{a\nu} - \hat\zeta_{\hat a\hat\nu}\|^2$. The solid black curve denotes the error bound given by the right-hand side of (6.2). On the bottom part, we show the square root of the average value (over 1000 experiments) of the squared distance in time of the output trajectory of $\Sigma$ to the set $S$, namely, $\|\zeta_{a\nu}\|_S^2$. Notice that the square root of this empirical (averaged) squared distance is significantly lower than the computed bound given by the right-hand side of (6.4), as expected since the stochastic simulation functions can lead to conservative bounds. (One can improve the bounds by seeking optimized stochastic simulation functions.)


7. Summary 

In this paper we proposed a compositional framework for the construction of infinite approximations of interconnected stochastic hybrid systems by leveraging some small-gain type conditions. We introduced a new notion of stochastic simulation functions to quantify the error between the stochastic hybrid systems and their approximations. In comparison with the similar notion in [JP09], our proposed notion of stochastic simulation functions is computationally more tractable for stochastic hybrid systems with inputs. Moreover, we provided a constructive approach on the construction of those infinite approximations for a class of stochastic hybrid systems, namely, jump linear stochastic systems. Finally, we illustrated the effectiveness of the results by constructing an infinite approximation of an interconnection of four jump linear stochastic systems in a compositional manner. We employed the constructed approximation as a substitute in the controller synthesis scheme to enforce a safety constraint on the concrete interconnected system, which would not have been possible to enforce without the use of the approximation.


Appendix 


Figure 7. Top two plots: One realization of $\zeta_1$ (resp. $\zeta_2$) (—) and $\hat\zeta_1$ (resp. $\hat\zeta_2$) (-). The middle plot: the corresponding realization of external inputs $\nu_1$ (—) and $\nu_2$ (-) of $\Sigma$. The 2nd plot from bottom: Square root of the average values (over 1000 experiments) of the squared distance of the output trajectory of $\Sigma$ to the one of $\hat\Sigma$. The solid black line indicates the error bound given by the right-hand side of (6.2). Bottom plot: Square root of the average values (over 1000 experiments) of the squared distance of the output trajectory of $\Sigma$ to the safe set $S$.

Proof of Lemma 3.6. Lemma 3.6 is an extension of Lemma 4.4 in [LSW96] and the proof follows similar ideas. The proof includes two steps. We first show that the set $[0, s_0]$, $s_0 := \eta^{-1}(2g)$, is forward invariant, i.e., if $y(t_0) \in [0, s_0]$, then $y(t) \in [0, s_0]$ for all $t \ge t_0$. For the sake of contradiction, suppose the trajectory $y$ visits $[0, s_0]$ and then later leaves it. Due to the continuity of $y$, this implies that there exist a time instance $t > t_0$ and positive value $\varepsilon > 0$ such that $y(t_0) = s_0$ and $y(t) = s_0 + \varepsilon$, and $y(\tau) \ge s_0$ for all $\tau \in [t_0, t]$. In view of the lemma hypothesis, we then have


0 < e = y{t) - y{to) < 


[-•n{yij)) + 9] < 0 , 


*0 


which concludes the first step. In the second step, we assume that ?/(0) > sq. Consider the function k : K>o —>■ 
M defined as 

— dr 

min{ 77 (r), r} 

Let ts be the first time that the process y reaches Sq; i-S-j is '■= inf{t > 0 : y{t) < so}j^ In the following we 
show that the function 



AM):={(7.1) 

is indeed the desired ICC function for the lemma assertion. Note that for all t G [0,<s], we have Ti{y{t)) > 2g, 
and that we have 


vW 

K{yit)) - K{y{0)) = J 

y(o) 


-d(y('r)) 

min{? 7 (y(r)),j/(r)} 


> j v{y{r))-9 j hiy(^)) d-M 

min{ri{y{T)),y{T)} r]{y{T)) “2 

0 0 


The above observation together with the fact that the function k is strictly decreasing on (0,cx)) imply that 


y{t) < K ^(^K{y{0)) +t/2y \/tG[0,ts]. 

Note that lims^o'«(s) = 00 , and since k is strictly decreasing on (0,oo), the function Oir^t) defined in is 
a /Coo function in the first argument for each t, and decreasing with respect to the second argument for each 
nonzero r. As such, the function i/(r,/) is a ICC function. Combining the results of the two steps concerning 
the intervals [ 0 ,/s] and {ts,oo) concludes the desired assertion. □ 


Proof of Theorem \3.5\ For any time instances t > to > 0, any z>(/) G M™, any u)(t) G and any random 
variable a and a that are J^o-measurable, there exists v{f) G K™ such that for all tv(t) G one obtains 


E 


aiyuj (^) 5 Cdt'o) (i)) 


= E 


ai/uj (io) (/q)) + / •^F(^a! 7 w(s),Cai>D(s)) ds 


'io 


< E 

< E 


ai^uj (^o)j ^ddtl; do)) 


• IE 


to 


-'n{y{fauu,{s),f-aOib{s))^ + Pext (|| i>(s) ) + /Oint (|| w(s) - w(s) 1^) d S 


V{fauui{h)AaPui{to)) + [ V{fauu{s),iai>6jis)) )+E Pext (1^1! L) + Pint (||w - W || ^ ) 

JtQ 


d s, 


where the first equality is an application of the Ito’s formula for jump diffusions thanks to the polynomial rate 
of the function V [0SO51 Theorem 1.24], and the last inequality follows from Jensen’s inequality due to the con¬ 
vexity assumption on the function ry |Oks02[ p. 310]. Let us define the process y{t) := ^[V, favuit))] ■ 
Note that in view of the Ito’s formula, the process y{-) is continuous provided that the soluti on p rocesses ^avuj 
and fa 0 ui have finite moments. This is indeed the case under our model setting in Definition |2.l[ in particular 
due to the Lipschitz continuity of functions /, cr, r,/, d, f I0SO5I 1.19]. Therefore, the process y{t) meets all 
the required assumptions of Lemma |3.6[ implying that there exists a ICC function d such that 

E[^(U<.d)iaS^d))]<^(E[V^Ka)]d)+p-'(2IE[pext(lli>ll^) + Pint(llcc-w||^)]). (7.2) 


² By convention, $\inf\emptyset = \infty$.

In view of Jensen's inequality and using equation (3.2), the convexity of $\alpha$ and the concavity of $\rho_{\mathrm{ext}}$, $\rho_{\mathrm{int}}$, we have


a(E[||Ca.c.W - ]) < E [a {WCaUt) - )] < E W, W) 

< i?(E[y(a, a)],t) + r,-^ (2pext (E[||i>||^]) + 2pi„t (E[||a; - 
which in conjunction with the fact that a € ICoo leads to 


J)). 


E 


WCaUt) - UoUt)f] <a-i('i?(E[E(a,a)],t)+77-i(2pext(E[||i>||^])+2pi,t(E[||a;-ia||^]) 


< a' 


■i(|2i9(E[E(a,a)],t)) +a ^(277 ^(4pext(E[||i>||^]) j + a ^(277 i(4pint(E[||w - ca||^]))) . 


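Therefore, by introducing functions $\beta$, $\gamma_{\mathrm{ext}}$, and $\gamma_{\mathrm{int}}$ as

$$
\begin{aligned}
\beta(r, t) &:= \alpha^{-1}\big(2\vartheta(r, t)\big),\\
\gamma_{\mathrm{ext}}(r) &:= \alpha^{-1}\big(2\eta^{-1}(4\rho_{\mathrm{ext}}(r))\big),\\
\gamma_{\mathrm{int}}(r) &:= \alpha^{-1}\big(2\eta^{-1}(4\rho_{\mathrm{int}}(r))\big),
\end{aligned}
\tag{7.3}
$$

inequality (3.4) is satisfied. Note that if $\alpha^{-1}$ and $\eta^{-1}$ satisfy the triangle inequality (i.e., $\alpha^{-1}(a + b) \le \alpha^{-1}(a) + \alpha^{-1}(b)$ and $\eta^{-1}(a + b) \le \eta^{-1}(a) + \eta^{-1}(b)$ for all $a, b \in \mathbb{R}_{\ge 0}$), one can divide all the coefficients by factor 2 in the expressions of $\beta$, $\gamma_{\mathrm{ext}}$, and $\gamma_{\mathrm{int}}$ in (7.3) to get a less conservative upper bound in (3.4). □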


Proof of Proposition \37^ Since V is an SSF-Mj, function from S to S and r]{r) > Or for some 9 G K>o and 
any r G K>o, for any i> G ZJ, any w G W, and any random variable a and a that are Jr-nieasurable, there 
exists V gU such that for all w G W one obtains: 

CV < - OV (t) , (t)) + Pext (|| I>|| ^ ) + Pint (|| W - W || ^ ) . 

Since there exists a constant e > 0 such that e > Pext(||77||^) + Pintdl^ — w||^), one obtains: 


cv <-0V (^ 

ai/w (t) , ^ai>c2j (0^ “h 

and the following chain of inequalities hold: 


(7.4) 


P < sup 
Lo<i<T 




;a]|=p| 


sup a 

0<t<T 


Cauuj{t) - Ca 0 uj{t) > a{£^) \ [a; a] 


<P I sup^E (iauuj{t),ia0Cj{t)^ > oi{£^) \ [a;a]| . (7.5) 


Using inequalities (7.4), (7.5), and Theorem 1 in |Kus67[ Chapter III], one obtains the inequalities (3.5) and 

dT^. □ 


Proof of Proposition \3.8[ The proof is a simple consequence of Theorem 3.5 and Markov inequality |Oks02) . 
used as the following: 


P 


i(t) Coi>w(Z)|| ^ c) 


E[||Ca,.a;(t) - Cai)c:,(t)H] ^ (e J|Cat^a;(t) ai>::,(t)f ) 


< 


< _ 

e s 

{/3 (E[E(a, a)], t) + 7ext(E[||;>||^]) + 7int(E[||a; - w||^]))' 


(7.6)

Proof of Corollary 3.9. Since $V$ is an SSF-M$_k$ function from $\hat\Sigma$ to $\Sigma$, for $\hat\nu \equiv 0$ and any random variable $a$ and $\hat a$ that are $\mathcal{F}_0$-measurable, there exists $\nu \in \mathcal{U}$ such that one obtains:


CV <-v{v , 


implying that V (^faiy(t), iao(t)^ is a nonnegative supermartingale |Oks02[ Appendix C]. As a result, we have 
the following chain of inequalities: 


P I sup 

Lo<t<oo 


Ca.(t) - Cao(i) 



r -il 

> e 1 

[a; a\ 


sup a 

0<t<oo 


- (do(i) > I [a; a] 


<p| sup V (fai^(t),iao(t)) > a(s^) | [a;a]j < 

I 0<t<oo ^ > 


V(a, a) 
a(e^) 


where the last inequality is implied from V(faiy(t), fdo(t)) being a nonnegative supermartingale and |Kus671 
Lemmal]. □ 


Proof of Lemma 5.1. Consider the jump linear stochastic system $\Sigma$ with a linear feedback control law $u = Kx$, where $K \in$ satisfying

$$
d\xi(t) = (A + BK)\xi(t)\,dt + E\xi(t)\,dW_t + \sum_{i=1}^{\tilde q} R_i\xi(t)\,dP_t^i.
$$

Define the matrix-valued deterministic process $\Phi(t) :=$ Applying Itô's formula for jump diffusions [OS05] leads to the following differential equations describing the time-evolution of the deterministic process $\Phi(t)$:

$$
\dot\Phi(t) = \Big[A + BK + \sum_{i=1}^{\tilde q}\lambda_i R_i\Big]\Phi(t) + \Phi(t)\Big[A + BK + \sum_{i=1}^{\tilde q}\lambda_i R_i\Big]^T + E\Phi(t)E^T + \sum_{i=1}^{\tilde q}\lambda_i R_i\Phi(t)R_i^T.
\tag{7.7}
$$

To see further details on how the above ODE is derived, one can view each element of the matrix $\Phi(t)$ as an $\mathbb{R}$-valued mapping and treat it in the same way as we considered the Lyapunov function in the proof of Theorem PL and consequently arrives at (7.7). From linear system theory, one can readily check that the ODE in (7.7) is asymptotically stable (implying $\Sigma$ is mean square asymptotically stable) if and only if $P(\Phi(t)) = \mathrm{Tr}(M\Phi(t)) =$ is a Lyapunov function for (7.7) for a positive definite matrix $M$ satisfying condition (5.3), which completes the proof. □
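The derivation of (7.7) that the proof of Lemma 5.1 describes in words can be carried through with the matrix form of Itô's formula for jump diffusions. This is an added worked derivation, not part of the original paper. It assumes that $\Phi(t)$ is the second-moment matrix $\mathbb{E}[\xi(t)\xi^T(t)]$ (the definition did not survive on this page), that $W_t$ is a scalar Brownian motion, that the Poisson processes $P_t^i$ have rates $\lambda_i$ and are independent of $W_t$, and it uses the shorthand $\bar A := A + BK$.

$$
\begin{aligned}
d\big(\xi\xi^T\big) &= \big(\bar A\,\xi\xi^T + \xi\xi^T\bar A^T + E\,\xi\xi^T E^T\big)\,dt + \big(E\,\xi\xi^T + \xi\xi^T E^T\big)\,dW_t \\
&\quad + \sum_{i=1}^{\tilde q}\big(R_i\,\xi\xi^T + \xi\xi^T R_i^T + R_i\,\xi\xi^T R_i^T\big)\,dP_t^i ,
\end{aligned}
$$

where each jump term is $(\xi + R_i\xi)(\xi + R_i\xi)^T - \xi\xi^T$ with $\xi$ evaluated just before the jump. Taking expectations, the $dW_t$ term has zero mean and $\mathbb{E}[dP_t^i] = \lambda_i\,dt$, so

$$
\dot\Phi(t) = \bar A\,\Phi(t) + \Phi(t)\bar A^T + E\,\Phi(t)E^T + \sum_{i=1}^{\tilde q}\lambda_i\big(R_i\Phi(t) + \Phi(t)R_i^T + R_i\Phi(t)R_i^T\big),
$$

which is (7.7) once the terms $\sum_i \lambda_i R_i\Phi(t)$ and $\Phi(t)\sum_i \lambda_i R_i^T$ are grouped with $\bar A\,\Phi(t)$ and $\Phi(t)\bar A^T$.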

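Proof of Lemma 5.5. Suppose that $\operatorname{im} D \not\subseteq \operatorname{im} P + \operatorname{im} B$, then there exists $w \in \mathbb{R}^p$ so that $Dw \neq Px - Bu$ holds for all $x \in \mathbb{R}^{\hat n}$, $u \in \mathbb{R}^m$. Hence (5.7b) cannot hold for any matrix $\hat D$ and $S$. Now suppose $\operatorname{im} D \subseteq \operatorname{im} P + \operatorname{im} B$. Let $c_i$ denote the columns of $I_p$. Then there exist $\hat d_i \in \mathbb{R}^{\hat n}$ and $s_i \in \mathbb{R}^m$ so that $Dc_i = P\hat d_i - Bs_i$ holds for all $i \in \{1, \ldots, p\}$ and the matrices $\hat D = [\hat d_1 \ \ldots \ \hat d_p]$ and $S = [s_1 \ \ldots \ s_p]$ satisfy (5.7b). □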